CVE-2018-14857
OCS Inventory NG Webconsole Shell Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
Subida de archivos sin restricción (con ejecución remota de código) en require/mail/NotificationMail.php en Webconsole en OCS Inventory NG OCS Inventory Server hasta la versión 2.5 permite que un usuario privilegiado obtenga acceso al servidor mediante un archivo de plantilla que contiene código PHP, debido a que se permiten extensiones de archivo diferentes a .html.
OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-08-02 CVE Reserved
- 2018-08-06 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2018/Aug/6 | Mailing List | |
http://www.securitytracker.com/id/1041418 | Third Party Advisory | |
https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ocsinventory-ng Search vendor "Ocsinventory-ng" | Ocs Inventory Server Search vendor "Ocsinventory-ng" for product "Ocs Inventory Server" | <= 2.5 Search vendor "Ocsinventory-ng" for product "Ocs Inventory Server" and version " <= 2.5" | - |
Affected
|