CVE-2014-6308 Scanner
Detects 'Directory Traversal' vulnerability in OSClass affects v. before 3.4.2.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 2 days
Scan only one
URL
Toolbox
-
OSClass is an open-source application used for creating classifieds websites. It is a powerful tool for website developers who want to design an easy-to-use and attractive classifieds platform. Its multi-language and robust plugin capability make it a popular choice among website developers. OSClass is particularly useful for small businesses or website owners who do not have the budget to pay for expensive classifieds website development.
One of the main weaknesses of OSClass is the vulnerability identified as CVE-2014-6308. This vulnerability is related to directory traversal and allows remote attackers to read any files within the index.php folder by using the ".." parameter in the file parameter in the oc-admin/render action. Hackers can exploit this vulnerability to access important and sensitive data, such as personal information or system files, which could have a devastating impact on the website's security.
If this vulnerability is exploited, the attacker can access and read arbitrary files leading to unauthorized access to the server, system files or confidential information of users or the organization. Such data can be utilized for malicious intent, including identity theft or cyber-fraud activities, to create havoc for affected individuals, and may result in lawsuits or compliance issues.
At s4e.io, our platform provides professional features that offer comprehensive vulnerability assessments for digital assets. Clients can receive real-time alerts and detailed reports on the identified vulnerabilities and how to boost their website security. This website security feature makes it easy for website owners and developers to protect their digital assets against vulnerabilities. By using our product, developers can take full advantage of an easy-to-use and secure platform while protecting against cyber-threats.
REFERENCES
- http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download/
- http://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
- http://www.securityfocus.com/archive/1/533456/100/0/threaded
- https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435
- https://www.netsparker.com/lfi-vulnerability-in-osclass/
