Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-8083
Last Modified 06 Jan 2015 11:43:19
Published 05 Jan 2015 03:59:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8083

Summary

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.

Vulnerable Systems

Application

  • Osclass 3.4.2


References

BID - 71840

BUGTRAQ - 20141231 [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability

MISC - http://packetstormsecurity.com/files/129775/Osclass-3.4.2-SQL-Injection.html

MISC - http://karmainsecurity.com/KIS-2014-14

CONFIRM - http://blog.osclass.org/2014/10/09/osclass-3-4-3-ready-download/


Last Updated: 27 May 2016 11:07:26