CVE-2012-0973
Published
CVSS v3
N/A
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.
With Osclass, get your own classifieds site for free. Build your own Osclass installation and start advertising real estate, jobs or whatever you want- in minutes!
GitHub