Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OCS Inventory NG OCS Inventory Server 安全漏洞
Vulnerability Description
OCS Inventory NG OCS Inventory Server是OCS Inventory团队开发的一套资产管理软件。该软件能够帮助管理员掌握计算机软件安装和配置,以及在HTTP代理和服务器之间实现低网络流量通讯。 OCS Inventory NG OCS Inventory Server 2.5及之前版本中的require/mail/NotificationMail.php文件存在安全漏洞,该漏洞源于除了.html文件,程序可以上传其他扩展名文件。远程攻击者可通过上传包含PHP代码的模板文件
CVSS Information
N/A
Vulnerability Type
N/A