Skip to main content

Osclass

11 CVEs product

Monthly

CVE-2024-27515 HIGH POC This Week

Osclass 5.1.2 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Osclass
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2014-8085 MEDIUM This Month

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Osclass
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2014-8084 HIGH PATCH This Week

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Osclass
NVD
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-8083 HIGH PATCH This Week

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Osclass
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2014-6308 MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.9%.

Path Traversal PHP Osclass
NVD Exploit-DB GitHub
CVSS 2.0
5.0
EPSS
77.9%
Threat
4.8
CVE-2014-6280 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Osclass
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-5163 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Osclass
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-5162 MEDIUM This Month

Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Osclass
NVD GitHub
CVSS 2.0
6.5
EPSS
0.4%
CVE-2012-1617 MEDIUM POC PATCH This Month

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Osclass
NVD Exploit-DB GitHub
CVSS 2.0
6.4
EPSS
9.1%
CVE-2012-0974 MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

PHP XSS Osclass
NVD Exploit-DB GitHub
CVSS 2.0
4.3
EPSS
11.4%
CVE-2012-0973 HIGH POC This Week

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Osclass
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
2.3%
EPSS 1% CVSS 7.2
HIGH POC This Week

Osclass 5.1.2 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Osclass
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

PHP File Upload Osclass
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Osclass
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Osclass
NVD
EPSS 78% 4.8 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.9%.

Path Traversal PHP Osclass
NVD Exploit-DB GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Osclass
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP XSS Osclass
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Osclass
NVD GitHub
EPSS 9% CVSS 6.4
MEDIUM POC PATCH This Month

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Path Traversal Osclass
NVD Exploit-DB GitHub
EPSS 11% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.4%.

PHP XSS Osclass
NVD Exploit-DB GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Osclass
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy