Vulnerabilities > Ocsinventory NG > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-29 | CVE-2018-15537 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng Ocsinventory NG Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. | 8.8 |
| 2018-08-06 | CVE-2018-14857 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng OCS Inventory Server Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. | 8.8 |
| 2018-08-04 | CVE-2018-12483 | OS Command Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1 OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. | 8.8 |
| 2018-08-04 | CVE-2018-12482 | SQL Injection vulnerability in Ocsinventory-Ng Ocsinventory NG 2.4.1 OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. | 8.8 |