Ocsinventory-ng : Security Vulnerabilities, CVEs, (Code Execution)
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
Max CVSS
8.8
EPSS Score
0.19%
Published
2018-11-29
Updated
2019-01-31
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
Max CVSS
8.8
EPSS Score
0.73%
Published
2018-08-06
Updated
2018-10-10
2 vulnerabilities found