CVE-2014-6308

Name of the Vulnerable Software and Affected Versions OSClass versions prior to 3.4.2

Description The issue allows remote attackers to read arbitrary files by exploiting a directory traversal vulnerability. This is achieved by including a .. (dot dot) in the file parameter within a render action to "oc-admin/index.php".

Recommendations For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue.