Unrated severityNVD Advisory· Published Sep 26, 2012· Updated Apr 29, 2026
CVE-2012-1617
CVE-2012-1617
Description
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.
Affected products
22cpe:2.3:a:juan_ramon:osclass:*:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:juan_ramon:osclass:*:*:*:*:*:*:*:*range: <=2.3.5
- cpe:2.3:a:juan_ramon:osclass:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:1.1:rc:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:1.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:1.2:beta:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:1.2:delta:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.0:rc:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:juan_ramon:osclass:2.3.4:*:*:*:*:*:*:*
Patches
31e7626f4e1a2https://github.com/osclass/OSClassvia nvd-ref
a40b76695994https://github.com/osclass/OSClassvia nvd-ref
ff7ef8a97301https://github.com/osclass/OSClassvia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
14- archives.neohapsis.com/archives/bugtraq/2012-03/0024.htmlnvdExploit
- osclass.org/2012/03/05/osclass-2-3-6/nvdExploitPatch
- www.codseq.it/advisories/osclass_directory_traversal_vulnerabilitynvdExploit
- www.openwall.com/lists/oss-security/2012/04/03/1nvdExploit
- www.openwall.com/lists/oss-security/2012/04/04/7nvdExploitPatch
- www.securityfocus.com/bid/52336nvdExploit
- github.com/osclass/OSClass/commit/1e7626f4e1a26371480989c0b937f107ea9a6d4bnvdExploitPatch
- github.com/osclass/OSClass/commit/a40b76695994442644e46e1b776d79660500566anvdExploitPatch
- github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2fnvdExploitPatch
- secunia.com/advisories/48284nvdVendor Advisory
- www.openwall.com/lists/oss-security/2012/04/02/1nvd
- www.openwall.com/lists/oss-security/2012/04/02/6nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/73754nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/73755nvd
News mentions
0No linked articles in our index yet.