Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15537 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2019-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | |||||
| CVE-2018-12483 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2018-10-02 | 9.0 HIGH | 8.8 HIGH |
| OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. | |||||
| CVE-2018-12482 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2018-10-01 | 6.5 MEDIUM | 8.8 HIGH |
| OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. | |||||