Skip to main content

Osclass CVE-2014-8083

HIGH
SQL Injection (CWE-89)
2015-01-05 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Jan 05, 2015 - 20:59 cve.org
HIGH 7.5

DescriptionCVE.org

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.

AnalysisAI

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. Affected products include: Osclass. Version information: before 3.4.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2014-6308 MEDIUM POC
5.0 Oct 20

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. Rated

CVE-2012-1617 MEDIUM POC
6.4 Sep 26

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbit

CVE-2012-0973 HIGH POC
7.5 Sep 25

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands

CVE-2024-27515 HIGH POC
7.2 Feb 28

Osclass 5.1.2 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable

CVE-2012-0974 MEDIUM POC
4.3 Sep 25

Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in O

CVE-2014-6280 MEDIUM POC
4.3 Oct 20

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary w

CVE-2014-8084 HIGH
7.5 Jan 05

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attac

CVE-2014-8085 MEDIUM
6.8 Jan 05

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php

CVE-2012-5162 MEDIUM
6.5 Sep 26

Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execu

CVE-2012-5163 MEDIUM
4.3 Sep 26

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to in

Share

CVE-2014-8083 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy