Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T09:38:14.001Z

Reserved: 2018-08-02T00:00:00

Link: CVE-2018-14857

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-06T21:29:00.453

Modified: 2024-11-21T03:49:56.150

Link: CVE-2018-14857

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.