Search
Find a vulnerability
Search criteria
4 vulnerabilities found for ocs_inventory_server by ocsinventory-ng
CVE-2026-22675 (GCVE-0-2026-22675)
Vulnerability from nvd – Published: 2026-04-06 21:19 – Updated: 2026-05-26 11:52
VLAI
Title
OCS Inventory NG Server Stored XSS via User-Agent
Summary
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/OCSInventory-NG/OCSInventory-S… | issue-tracking |
| https://github.com/OCSInventory-NG/OCSInventory-S… | patch |
| https://www.vulncheck.com/advisories/ocs-inventor… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OCS Inventory | OCS Inventory NG Server |
Affected:
0 , ≤ 2.12.3
(semver)
Unaffected: 78faf2ca8b897141ba4d337d75692ab8e405bd4e (git) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:39:21.858530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:39:31.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OCS Inventory NG Server",
"repo": "https://github.com/OCSInventory-NG/OCSInventory-Server",
"vendor": "OCS Inventory",
"versions": [
{
"lessThanOrEqual": "2.12.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "78faf2ca8b897141ba4d337d75692ab8e405bd4e",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexandre Nesic (@_atsika) at Quarkslab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.\u003cbr\u003e"
}
],
"value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:52:01.295Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/pull/483"
},
{
"tags": [
"patch"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/commit/78faf2ca8b897141ba4d337d75692ab8e405bd4e"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ocs-inventory-ng-server-stored-xss-via-user-agent"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OCS Inventory NG Server Stored XSS via User-Agent",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-22675",
"datePublished": "2026-04-06T21:19:59.435Z",
"dateReserved": "2026-01-08T19:04:26.365Z",
"dateUpdated": "2026-05-26T11:52:01.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-14857 (GCVE-0-2018-14857)
Vulnerability from nvd – Published: 2018-08-06 21:00 – Updated: 2024-08-05 09:38
VLAI
Summary
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/6 | mailing-listx_refsource_FULLDISC |
| https://github.com/OCSInventory-NG/OCSInventory-o… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041418 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515"
},
{
"name": "1041418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-06T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515"
},
{
"name": "1041418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/6"
},
{
"name": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515",
"refsource": "CONFIRM",
"url": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515"
},
{
"name": "1041418",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14857",
"datePublished": "2018-08-06T21:00:00.000Z",
"dateReserved": "2018-08-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:38:14.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-22675 (GCVE-0-2026-22675)
Vulnerability from cvelistv5 – Published: 2026-04-06 21:19 – Updated: 2026-05-26 11:52
VLAI
Title
OCS Inventory NG Server Stored XSS via User-Agent
Summary
OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/OCSInventory-NG/OCSInventory-S… | issue-tracking |
| https://github.com/OCSInventory-NG/OCSInventory-S… | patch |
| https://www.vulncheck.com/advisories/ocs-inventor… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OCS Inventory | OCS Inventory NG Server |
Affected:
0 , ≤ 2.12.3
(semver)
Unaffected: 78faf2ca8b897141ba4d337d75692ab8e405bd4e (git) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T13:39:21.858530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T13:39:31.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OCS Inventory NG Server",
"repo": "https://github.com/OCSInventory-NG/OCSInventory-Server",
"vendor": "OCS Inventory",
"versions": [
{
"lessThanOrEqual": "2.12.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "78faf2ca8b897141ba4d337d75692ab8e405bd4e",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexandre Nesic (@_atsika) at Quarkslab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard.\u003cbr\u003e"
}
],
"value": "OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript by submitting malicious User-Agent HTTP headers to the /ocsinventory endpoint. Attackers can register rogue agents or craft requests with malicious User-Agent values that are stored without sanitization and rendered with insufficient encoding in the web console, leading to arbitrary JavaScript execution in the browsers of authenticated users viewing the statistics dashboard."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T11:52:01.295Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/pull/483"
},
{
"tags": [
"patch"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-Server/commit/78faf2ca8b897141ba4d337d75692ab8e405bd4e"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ocs-inventory-ng-server-stored-xss-via-user-agent"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OCS Inventory NG Server Stored XSS via User-Agent",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-22675",
"datePublished": "2026-04-06T21:19:59.435Z",
"dateReserved": "2026-01-08T19:04:26.365Z",
"dateUpdated": "2026-05-26T11:52:01.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-14857 (GCVE-0-2018-14857)
Vulnerability from cvelistv5 – Published: 2018-08-06 21:00 – Updated: 2024-08-05 09:38
VLAI
Summary
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/6 | mailing-listx_refsource_FULLDISC |
| https://github.com/OCSInventory-NG/OCSInventory-o… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041418 | vdb-entryx_refsource_SECTRACK |
Date Public
2018-08-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:14.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515"
},
{
"name": "1041418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041418"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-06T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515"
},
{
"name": "1041418",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041418"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180803 CVE-2018-14857 (Unrestricted File Upload (RCE) in OCS Inventory NG Webconsole before 2.5)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/6"
},
{
"name": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515",
"refsource": "CONFIRM",
"url": "https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515"
},
{
"name": "1041418",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041418"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-14857",
"datePublished": "2018-08-06T21:00:00.000Z",
"dateReserved": "2018-08-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:38:14.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}