mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-30 00:40:29 +02:00
876 B
876 B
CVE-2014-8085
Description
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
POC
Reference
- http://packetstormsecurity.com/files/129777/Osclass-3.4.2-Shell-Upload.html
- http://seclists.org/fulldisclosure/2014/Dec/134
Github
No PoCs found on GitHub currently.