Share
## https://sploitus.com/exploit?id=PACKETSTORM:214736
OsClass 3.4.1 - Local File Inclusion (LFI)
    Advisory ID: RO-14-003
    CVE ID: CVE-2014-6308
    Severity: Critical
    Vendor: OsClass
    Product: OsClass
    Version: 3.4.1
    
    
    Overview #
    
    A Local File Inclusion (LFI) vulnerability exists in OsClass version 3.4.1 that allows remote attackers to include arbitrary files from the server.
    
    
    Vulnerability Details #
    
    Affected Versions: 3.4.1 and earlier
    
    Root Cause: Insufficient validation of user-supplied input allows attackers to manipulate file paths and include local files.
    
    
    Exploitation Requirements #
    
        No authentication required
        Direct access to the vulnerable endpoint
    
    Impact #
    
    Remote attackers can exploit this vulnerability to:
    
        Read sensitive configuration files
        Access database credentials
        View source code
        Potentially achieve remote code execution
    
    Proof of Concept #
    
    Details available upon request.
    
    
    Solution #
    
    Upgrade to a patched version of OsClass that includes proper input validation for file inclusion operations.
    
    
    References #
    
        CVE-2014-6308
    
    Timeline:
    
        [2014-01-01] - Discovered
    
    Credits: Omar Kurt