OCSInventory-NG/OCSInventory-ocsreports on GitHub
Webconsole for OCS Inventory NG
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2020-14947 | 8.8 HIGH | 6.5 MEDIUM | |
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid. | |||
CVE-2018-14857 | 8.8 HIGH | 6.5 MEDIUM | |
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. |