Description
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Nico Leidecker · text · webapps · php
https://www.exploit-db.com/exploits/8836
References (3)
Core References
Exploit x_refsource_misc
http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml
Various Sources x_refsource_confirm
http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=140&cntnt01returnid=72
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503936/100/0/threaded
Scores
EPSS
0.0014
EPSS Percentile
32.8%
Details
CWE
CWE-89
Status
published
Products (1)
ocsinventory-ng/ocs_inventory_ng
1.02
Published
Sep 01, 2009
Tracked Since
Feb 18, 2026