Webconsole for OCS Inventory NG

CVE History

CVEPublishedCVSS v2CVSS v3
CVE-2020-149478.8 HIGH6.5 MEDIUM
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
CVE-2018-148578.8 HIGH6.5 MEDIUM
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.