Skip to main content

Osclass CVE-2024-27515

HIGH
SQL Injection (CWE-89)
2024-02-28 cve@mitre.org
7.2
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 28, 2024 - 13:15 cve.org
HIGH 7.2

DescriptionCVE.org

Osclass 5.1.2 is vulnerable to SQL Injection.

AnalysisAI

Osclass 5.1.2 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Affected products include: Mindstellar Osclass.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2014-6308 MEDIUM POC
5.0 Oct 20

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. Rated

CVE-2012-1617 MEDIUM POC
6.4 Sep 26

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbit

CVE-2012-0973 HIGH POC
7.5 Sep 25

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands

CVE-2012-0974 MEDIUM POC
4.3 Sep 25

Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in O

CVE-2014-6280 MEDIUM POC
4.3 Oct 20

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary w

CVE-2014-8084 HIGH
7.5 Jan 05

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attac

CVE-2014-8083 HIGH
7.5 Jan 05

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execut

CVE-2014-8085 MEDIUM
6.8 Jan 05

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php

CVE-2012-5162 MEDIUM
6.5 Sep 26

Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execu

CVE-2012-5163 MEDIUM
4.3 Sep 26

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to in

Share

CVE-2024-27515 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy