CVE-2010-1733
06.05.2010, 12:47
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
| Vendor | Product | Version |
|---|---|---|
| ocsinventory-ng | ocs_inventory_ng | 𝑥 ≤ 1.02.1 |
| ocsinventory-ng | ocs_inventory_ng | 1.0:beta |
| ocsinventory-ng | ocs_inventory_ng | 1.0:rc1 |
| ocsinventory-ng | ocs_inventory_ng | 1.0:rc2 |
| ocsinventory-ng | ocs_inventory_ng | 1.0:rc3 |
| ocsinventory-ng | ocs_inventory_ng | 1.0:rc3-1 |
| ocsinventory-ng | ocs_inventory_ng | 1.01 |
| ocsinventory-ng | ocs_inventory_ng | 1.02 |
| ocsinventory-ng | ocs_inventory_ng | 1.02 |
| ocsinventory-ng | ocs_inventory_ng | 1.02:rc1 |
| ocsinventory-ng | ocs_inventory_ng | 1.02:rc2 |
| ocsinventory-ng | ocs_inventory_ng | 1.02:rc3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References