High severity8.8OSV Advisory· Published Aug 6, 2018· Updated Jun 17, 2026
CVE-2018-14857
CVE-2018-14857
Description
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 2.2, 2.2.1, 2.2Beta2, …
- Range: <=2.5
Patches
Vulnerability mechanics
References
3- seclists.org/fulldisclosure/2018/Aug/6nvdMailing ListThird Party Advisory
- www.securitytracker.com/id/1041418nvdThird Party AdvisoryVDB Entry
- github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515nvdThird Party Advisory
News mentions
0No linked articles in our index yet.