← voltar
CVE-2016-10751

CVE-2016-10751

EPSS 2.9%
osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://blog.ripstech.com/2016/osclass-remote-code-execution-via-image-file/https://demo.ripstech.com/projects/osclass_3.6.1