CVE-2012-1617: Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) ...

Description

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

Metrics

EPSS Probability

9.94%

95.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions	Update
Juan Ramon	Osclass	<= 2.3.5	—
Juan Ramon	Osclass	1.1	—
Juan Ramon	Osclass	1.2	Alpha
Juan Ramon	Osclass	2.0	—
Juan Ramon	Osclass	2.0.1	—
Juan Ramon	Osclass	2.0.2	—
Juan Ramon	Osclass	2.0.3	—
Juan Ramon	Osclass	2.1	—
Juan Ramon	Osclass	2.1.1	—
Juan Ramon	Osclass	2.2	—
Juan Ramon	Osclass	2.2.1	—
Juan Ramon	Osclass	2.2.2	—
Juan Ramon	Osclass	2.2.3	—
Juan Ramon	Osclass	2.3	—
Juan Ramon	Osclass	2.3.1	—
Juan Ramon	Osclass	2.3.2	—
Juan Ramon	Osclass	2.3.3	—
Juan Ramon	Osclass	2.3.4	—

References

Timeline

Published: Sep 26, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2012-1617?

Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.

How severe is CVE-2012-1617?

Severity scoring for CVE-2012-1617 is pending analysis. The EPSS model estimates a 9.94% probability of exploitation in the next 30 days.

How do I fix CVE-2012-1617?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.