CVE-2018-1000558
Summary
| CVE | CVE-2018-1000558 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-26 16:29:00 UTC |
| Updated | 2018-08-20 13:42:00 UTC |
| Description | OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ocsinventory-ng | Ocsinventory Ng | 2.3.1 | All | All | All |
| Application | Ocsinventory-ng | Ocsinventory Ng | 2.4 | All | All | All |
| Application | Ocsinventory-ng | Ocsinventory Ng | 2.3.1 | All | All | All |
| Application | Ocsinventory-ng | Ocsinventory Ng | 2.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.secuvera.de/advisories/secuvera-SA-2017-04.txt | MISC | www.secuvera.de | Exploit, Third Party Advisory |
| 404 Not Found | MISC | www.ocsinventory-ng.org | Release Notes, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.