OSClass Multiple Remote Vulnerabilities

OSClass is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and a remote file-include vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary server-side script code on an affected computer in the context of the webserver process; other attacks are also possible.

OSClass 2.3.4 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus