PT-2018-12768 · Ocs Inventory · Ocsinventory-Server

Simon Uvarov

·

Published

2018-08-06

·

Updated

2018-10-10

·

CVE-2018-14857

CVSS v3.1

8.8

High

Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OCS Inventory Server versions prior to 2.5
Description: An authenticated Webconsole user with access to the mail template feature (PR:L in the vector) can gain code execution on the server by uploading a template file that contains PHP code. The cause is an unrestricted file upload in require/mail/NotificationMail.php in the Webconsole: file extensions other than .html are permitted, so a template with a PHP extension is accepted and its code is subsequently executed by the server.
Recommendations: Upgrade to OCS Inventory Server 2.5 or later. Where upgrading is not immediately possible, restrict template uploads to the .html extension only (an allowlist of one extension, not a blocklist of known executable extensions), or disable the template upload feature in the Webconsole until the upgrade is done.
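The check the recommendation asks for, as an added example that is not OCS Inventory's own code. The first function is an illustration of the flawed pattern the description implies (a client-supplied file name trusted as the stored name); it is not the actual code of require/mail/NotificationMail.php. The second is a hardened validator that allowlists a single .html extension and also rejects double extensions, path components, null bytes and PHP open tags in the body. The constant, function and parameter names, the storage path and the sample uploads are all assumptions made for this example.

```php
<?php
// Added example, not code from OCS Inventory. TEMPLATE_DIR, both function
// names and the sample uploads are hypothetical assumptions.
declare(strict_types=1);

const TEMPLATE_DIR = '/var/www/ocsreports/templates'; // assumed storage path

// Flawed pattern (illustrative reconstruction, NOT the project's code): the
// client-supplied name, extension included, becomes the stored file name, so
// "shell.php" ends up where the server will execute it.
function storeTemplateUnsafe(array $file): string
{
    $dest = TEMPLATE_DIR . '/' . $file['name'];
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened check. Returns the destination path on success and throws on any
// rejection; the caller then performs move_uploaded_file() itself.
function validateTemplateUpload(array $file, string $targetDir = TEMPLATE_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $name = (string) ($file['name'] ?? '');

    // No null bytes (checked first, before the name reaches any path API)
    // and no path components: basename() must leave the name unchanged,
    // which rejects "../x.html" and "dir/x.html".
    if ($name === '' || strpos($name, "\0") !== false || basename($name) !== $name) {
        throw new RuntimeException('invalid file name');
    }

    // Exactly one extension, and it must be .html. The restricted character
    // class also rejects "x.php.html", which Apache's multi-extension
    // handling can still execute as PHP when a handler is bound to ".php".
    // \z (not $) so a trailing newline cannot slip past the anchor.
    if (!preg_match('/^([A-Za-z0-9_-]{1,64})\.html\z/i', $name, $m)) {
        throw new RuntimeException('only .html templates are accepted');
    }

    // Defence in depth: a mail template is plain HTML and never needs a PHP
    // open tag, so refuse any body containing one (short tags included).
    $body = file_get_contents($file['tmp_name']);
    if ($body === false || strpos($body, '<?') !== false) {
        throw new RuntimeException('template contains PHP code');
    }

    return $targetDir . '/' . strtolower($m[1]) . '.html';
}

// Self-check with constructed uploads (run as: php upload_check.php).
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'tpl');
    $cases = [                                   // constructed test inputs
        ['shell.php',        '<?php system($_GET["c"]); ?>'],
        ['shell.php.html',   '<?php system($_GET["c"]); ?>'],
        ['../../index.html', '<p>hi</p>'],
        ["a.html\0.php",     '<p>hi</p>'],
        ['notify.html',      '<?= $x ?>'],
        ['notify.HTML',      '<p>Agent {NAME} reported.</p>'],
    ];
    foreach ($cases as [$name, $content]) {
        file_put_contents($tmp, $content);
        $upload = ['name' => $name, 'tmp_name' => $tmp,
                   'size' => strlen($content), 'error' => UPLOAD_ERR_OK];
        try {
            $dest = validateTemplateUpload($upload, '/tmp/templates');
            printf("accepted %-22s -> %s\n", json_encode($name), $dest);
        } catch (RuntimeException $e) {
            printf("rejected %-22s (%s)\n", json_encode($name), $e->getMessage());
        }
    }
    unlink($tmp);
}
```

Only the last constructed case is accepted; every other one is refused by a different rule, which is the point of layering the checks rather than relying on a blocklist of ".php" alone. The body scan for `<?` is deliberately conservative and would also reject an XML prolog, which a mail template does not need.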

Fix

RCE

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2018-14857

Affected Products

Ocsinventory-Server