osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-05-24T17:40:09
Updated: 2024-08-06T03:30:20.206Z
Reserved: 2019-05-24T00:00:00
Link: CVE-2016-10751
Vulnrichment
No data.
NVD
Status: Analyzed
Published: 2019-05-24T18:29:00.253
Modified: 2019-05-29T18:52:25.447
Link: CVE-2016-10751
Redhat
No data.