Summary
This host is running OCS Inventory NG and is prone to multiple SQL Injection vulnerabilities.
Impact
Successful exploitation will allow an attacker to inject arbitrary SQL code and obtain sensitive information about system configurations and software on the network.
Impact Level: System
Solution
Upgrade to version 1.02.1
http://www.ocsinventory-ng.org/index.php?page=downloads
NOTE: Ignore this warning if the application is upgraded to version 1.02.1
Insight
User-supplied input passed to the 'N', 'DL', 'O' and 'v' parameters in download.php and to the 'systemid' parameter in group_show.php is not sanitised before being used in an SQL query.
Affected
OCS Inventory NG version 1.02
References
Severity
CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Classification
CVE: CVE-2009-3040