CVE-2020-14947
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
Affected products
n/a · n/a
Public PoCs found — 3
github · github.com/mhaskar/CVE-2020-14947 · ★ 17 · cve_reference
packetstorm · packetstormsecurity.com/files/158293/OCS-Inventory-NG-2.7-Remote-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/48634 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/158293/OCS-Inventory-NG-2.7-Remote-Code-Execution.html
https://drive.google.com/file/d/1-LVfL5ui5m2QfQxr0fDopzSECd4fTNrQ/view?usp=sharing
https://gist.github.com/mhaskar/233436d3096d4a7beafe36ff61dc2c73
https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/da72e0fddaeceee44fbbd7241e07e5d53d1eee64
https://shells.systems/ocs-inventory-ng-v2-7-remote-command-execution-cve-2020-14947/