This host is running OCS Inventory NG and is prone to multiple SQL injection vulnerabilities.

Successful exploitation will allow remote attackers to to view, add, modify or delete information in the back-end database. Impact Level: Application.

Upgrade to OCS Inventory NG version 1.02.3 For updates refer to http://www.ocsinventory-ng.org/

The flaws are due to the error in the 'index.php' page, which fails to properly varify the user supplied input via the 'search' form for the various inventory fields and via the All softwares search form for the 'Software name' field.

OCS Inventory NG prior to 1.02.3

• http://osvdb.org/61942
• http://secunia.com/advisories/38311
• http://xforce.iss.net/xforce/xfdb/55873

---

Updated on 2015-03-25