Ocsinventory-ng » Ocsinventory Ng : Security Vulnerabilities, CVEs, CVSS score >= 7
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
Max CVSS: 8.8 | EPSS Score: 0.16% | Published: 2018-11-29 | Updated: 2019-01-31
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
Max CVSS: 9.1 | EPSS Score: 1.46% | Published: 2018-08-04 | Updated: 2018-10-01
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.
Max CVSS: 9.0 | EPSS Score: 0.18% | Published: 2018-08-04 | Updated: 2018-10-02
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2018-08-04 | Updated: 2018-10-01
4 vulnerabilities found