Summary
This host is running OCS Inventory NG and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow an attacker to carry out a path traversal attack and gain sensitive information.
Impact Level: System
Solution
Upgrade to OCS Inventory NG version 1.02.1 or later: http://www.ocsinventory-ng.org/index.php?page=downloads
Insight
The flaw is due to improper sanitization of user-supplied input passed via the 'log' parameter to the 'cvs.php' file, which can be exploited by sending a direct request.
Affected
OCS Inventory NG versions prior to 1.02.1
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-2166
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Subversion Module Metadata Accessible