VYPR

ocsreports

by Ocsinventory Ng

Source repositories

CVEs (4)

  • CVE-2018-15537HigNov 29, 2018
    risk 0.58cvss 8.8epss 0.05

    Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.

  • CVE-2018-14857HigAug 6, 2018
    risk 0.50cvss 8.8epss 0.04

    Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions…

  • CVE-2018-1000558MedJun 26, 2018
    risk 0.42cvss 6.5epss 0.01

    OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By…

  • CVE-2020-14947HigJun 30, 2020
    risk 0.05cvss 8.8epss 0.19

    OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.