Описание
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| ocsinventory-server | fixed | 2.8.1+dfsg1+~2.11.1-1 | package |
Примечания
Authentication is needed, only supported in trusted environments, see debtags
Bug https://github.com/OCSInventory-NG/OCSInventory-ocsreports/issues/1323
Fixed in oscinventory-report component version 2.10. Debian installs a own
ocsinventory-reports.conf since 2.2+dfsg-0.1.
Связанные уязвимости
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.