Summary
This host is running OCS Inventory NG and is prone to Information Disclosure vulnerability.
Impact
Successful exploitation will allow attacker to cause path traversal attack, and gain sensitive information.
Impact Level: System
Solution
Upgrade to OCS Inventory NG version 1.02.1 or later http://www.ocsinventory-ng.org/index.php?page=downloads
Insight
The flaw is due to improper sanitization of user supplied input through the 'cvs.php' file which can exploited by sending a direct request to the 'log' parameter.
Affected
OCS Inventory NG version prior to 1.02.1
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-2166 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities