CVE-2018-1000558
Last modified
CVE-2018-1000558 is a vulnerability of currently unknown severity. OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. EPSS estimates a 1.01% chance of exploitation in the next 30 days.
Description
OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ocsinventory-Ng | Ocsinventory Ng | 2.3.1 |
| Ocsinventory-Ng | Ocsinventory Ng | 2.4 |
References
- https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/Release Notes, Vendor Advisory
- https://www.secuvera.de/advisories/secuvera-SA-2017-04.txtExploit, Third Party Advisory
- https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/Release Notes, Vendor Advisory
- https://www.secuvera.de/advisories/secuvera-SA-2017-04.txtExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000558?
How severe is CVE-2018-1000558?
How do I fix CVE-2018-1000558?
Are you affected by CVE-2018-1000558?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST