Ocs Inventory · Ocs Inventory Ng · CVE-2009-3042
Name of the Vulnerable Software and Affected Versions:
OCS Inventory NG version 1.02.1
Description:
A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `systemid` parameter in the "machine.php" file.
Recommendations:
For OCS Inventory NG version 1.02.1, avoid using the `systemid` parameter in the vulnerable "machine.php" file until a fix is available. Consider restricting access to this file to minimize the risk of exploitation.