← volver
CVE-2016-10751

CVE-2016-10751

EPSS 2.9%
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://blog.ripstech.com/2016/osclass-remote-code-execution-via-image-file/https://demo.ripstech.com/projects/osclass_3.6.1