Vulnerability Description
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ocsinventory-Ng | Ocs Inventory Ng | 1.02.1 |
Related Weaknesses (CWE)
References
- http://osvdb.org/61942
- http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txtExploit
- http://secunia.com/advisories/38311Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55872
- http://osvdb.org/61942
- http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txtExploit
- http://secunia.com/advisories/38311Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:178
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55872
FAQ
What is CVE-2010-1595?
CVE-2010-1595 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter...
How severe is CVE-2010-1595?
CVE-2010-1595 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1595?
Check the references section above for vendor advisories and patch information. Affected products include: Ocsinventory-Ng Ocs Inventory Ng.