{“lastseen”:”2026-02-02T18:28:48″,”description”:”A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise…”,”published”:”2026-02-02T00:00:00″,”modified”:”2026-02-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:214736″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2014-6308″],”sourceData”:”OsClass 3.4.1 – Local File Inclusion (LFI)\\n Advisory ID: RO-14-003\\n CVE ID: CVE-2014-6308\\n Severity: Critical\\n Vendor: OsClass\\n Product: OsClass\\n Version: 3.4.1\\n \\n \\n Overview #\\n \\n A Local File Inclusion (LFI) vulnerability exists in OsClass version 3.4.1 that allows remote attackers to include arbitrary files from the server.\\n \\n \\n Vulnerability Details #\\n \\n Affected Versions: 3.4.1 and earlier\\n \\n Root Cause: Insufficient validation of user-supplied input allows attackers to manipulate file paths and include local files.\\n \\n \\n Exploitation Requirements #\\n \\n No authentication required\\n Direct access to the vulnerable endpoint\\n \\n Impact #\\n \\n Remote attackers can exploit this vulnerability to:\\n \\n Read sensitive configuration files\\n Access database credentials\\n View source code\\n Potentially achieve remote code execution\\n \\n Proof of Concept #\\n \\n Details available upon request.\\n \\n \\n Solution #\\n \\n Upgrade to a patched version of OsClass that includes proper input validation for file inclusion operations.\\n \\n \\n References #\\n \\n CVE-2014-6308\\n \\n Timeline:\\n \\n [2014-01-01] – Discovered\\n \\n Credits: Omar Kurt”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214736″,”cvss”:{“score”:5,”severity”:”MEDIUM”,”vector”:”AV:N\/AC:L\/Au:N\/C:P\/I:N\/A:N”,”version”:”2.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214736\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-02T18:28:48″,”description”:”A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,128,12,21,13,53,7,11,5],"class_list":["post-38560","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-50","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n