CVE-2018-12483

Name: CVE-2018-12483
Creator: NVD / NIST
Published: 2018-08-04T01:29:02.81+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.22%

Last modified Jun 17, 2026

CVE-2018-12483 is a vulnerability of currently unknown severity. OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. EPSS estimates a 3.22% chance of exploitation in the next 30 days.

Description

OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.

Metrics

EPSS Probability

3.22%

86.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Ocsinventory-Ng	Ocsinventory Ng	2.4.1

References

https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/Exploit, Third Party Advisory
https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/Exploit, Third Party Advisory

Timeline

Published: Aug 4, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-12483?

How severe is CVE-2018-12483?

Severity scoring for CVE-2018-12483 is pending analysis. The EPSS model estimates a 3.22% probability of exploitation in the next 30 days.

How do I fix CVE-2018-12483?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-12483?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST