📄 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214736

5 / 10

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise...

Visit Original Source

Basic Information

ID PACKETSTORM:214736

Published Feb 2, 2026 at 00:00

Affected Product

Affected Versions OsClass 3.4.1 - Local File Inclusion (LFI)
Advisory ID: RO-14-003
CVE ID: CVE-2014-6308
Severity: Critical
Vendor: OsClass
Product: OsClass
Version: 3.4.1

Overview #

A Local File Inclusion (LFI) vulnerability exists in OsClass version 3.4.1 that allows remote attackers to include arbitrary files from the server.

Vulnerability Details #

Affected Versions: 3.4.1 and earlier

Root Cause: Insufficient validation of user-supplied input allows attackers to manipulate file paths and include local files.

Exploitation Requirements #

No authentication required
Direct access to the vulnerable endpoint

Impact #

Remote attackers can exploit this vulnerability to:

Read sensitive configuration files
Access database credentials
View source code
Potentially achieve remote code execution

Proof of Concept #

Details available upon request.

Solution #

Upgrade to a patched version of OsClass that includes proper input validation for file inclusion operations.

References #

CVE-2014-6308

Timeline:

[2014-01-01] - Discovered

Credits: Omar Kurt

{
    "lastseen": "2026-02-02T18:28:48",
    "description": "A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise...",
    "published": "2026-02-02T00:00:00",
    "modified": "2026-02-02T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:214736",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2014-6308"
    ],
    "sourceData": "OsClass 3.4.1 - Local File Inclusion (LFI)\n    Advisory ID: RO-14-003\n    CVE ID: CVE-2014-6308\n    Severity: Critical\n    Vendor: OsClass\n    Product: OsClass\n    Version: 3.4.1\n    \n    \n    Overview #\n    \n    A Local File Inclusion (LFI) vulnerability exists in OsClass version 3.4.1 that allows remote attackers to include arbitrary files from the server.\n    \n    \n    Vulnerability Details #\n    \n    Affected Versions: 3.4.1 and earlier\n    \n    Root Cause: Insufficient validation of user-supplied input allows attackers to manipulate file paths and include local files.\n    \n    \n    Exploitation Requirements #\n    \n        No authentication required\n        Direct access to the vulnerable endpoint\n    \n    Impact #\n    \n    Remote attackers can exploit this vulnerability to:\n    \n        Read sensitive configuration files\n        Access database credentials\n        View source code\n        Potentially achieve remote code execution\n    \n    Proof of Concept #\n    \n    Details available upon request.\n    \n    \n    Solution #\n    \n    Upgrade to a patched version of OsClass that includes proper input validation for file inclusion operations.\n    \n    \n    References #\n    \n        CVE-2014-6308\n    \n    Timeline:\n    \n        [2014-01-01] - Discovered\n    \n    Credits: Omar Kurt",
    "sourceHref": "https://packetstorm.news/download/214736",
    "cvss": {
        "score": 5,
        "severity": "MEDIUM",
        "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
        "version": "2.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/214736/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply