osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload.
Published at: May 24, 2019 at 09:29PM
View on website
No comments:
Post a Comment