CVE-2018-14857

CVE-2018-14857

Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.

Source: CVE-2018-14857

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다