NVD
- Id
- 35307
- Name
- CVE-2014-8085
- Description
- Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
- Reject
- CVSS Version
- 2
- CVSS Score
- 6.8
- Severity
- Medium
- CVSS Base Score
- 6.8
- CVSS Impact Subscore
- 6.4
- CVSS Exploit Subscore
- 8.6
- CVSS Vector
- (AV:N/AC:M/Au:N/C:P/I:P/A:P)
- Pub Date
- 2017-01-19
- Published
- 2015-01-05
- Modified Date
- 2015-01-06
- Seq
- 2014-8085