RSS   Vulnerabilities for 'Ocs inventory server'   RSS

2018-08-06
 
CVE-2018-14857

CWE-434
 

 
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.

 

 >>> Vendor: Ocsinventory-ng 4 Products
Ocs inventory ng
Ocsinventory-agent
Ocsinventory ng
Ocs inventory server


Copyright 2024, cxsecurity.com

 

Back to Top