SQL injection in OCSReports
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OCS Inventory: OCSReports |
Fix Released
|
Critical
|
Erwan |
Bug Description
Dear all,
- I'd like to bring to your attention that OCSReports is prone to an SQL Injection vulnerability.
- The vulnerability was found and tested on the Virtual Machine OCS-NG-
- Proof of Concept:
* Once authenticated, go to Config>Blacklist (url: https:/
* Choose any tab (MAC address, Serial number, ...)
* E.g in MAC address tab, restrict view according MACADDRESS field
* try 1' or 1=1 -- (don't forget the last space character)
* try 1' UNION all SELECT 1,CONCAT(
* etc.
- I would be obliged if you could confirm the problem and if so, I would appreciate being kept abreast of any workaround or fix (early access to a patch would be greatly appreciated). I would also be interested in knowing how, if at all, you intend to coordinate public disclosure (and claim for any CVE number).
Thanks for this product and your work.
Best regards,
Emmanuel Bouillon
Changed in ocsinventory-ocsreports: | |
status: | New → Confirmed |
importance: | Undecided → Critical |
assignee: | nobody → Erwan (airoine) |
Changed in ocsinventory-ocsreports: | |
status: | Fix Committed → Fix Released |
Demo site (http:// www.ocsinventor y-ng.org/ fr/demo/) looks vulnerable.