PT-2018-13073 · Ocs Inventory+1 · Ocs Inventory Ng+1
Simon Uvarov
·
Publicado
2018-11-29
·
Atualizado
2019-01-31
·
CVE-2018-15537
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OCS Inventory NG (affected versions not specified)
Description
The issue allows a privileged user to gain access to the server via crafted HTTP requests, exploiting an unrestricted file upload vulnerability with remote code execution in the ocsreports component.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Unrestricted File Upload
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Debian
Ocs Inventory Ng