QwikSec

Security Database

CVE

CWE

Training

CVE-2018-14857

Published: Aug 6, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)

mailing-list

x_refsource_FULLDISC

https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.