Osclass Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-8083 - Vulnerability Database

Osclass

Osclass Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-8083

High

Reference: CVE-2014-8083

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-8083

Title: Osclass Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Overview:

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.