VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1733

ocs_inventory_ng: Multiple SQL injection vulnerabilities in OCS Inven...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1733

Original

Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-05-06

Source Information Category:

Advisory, Alert

Last Updated:

2010-05-06

Affected Product Tags

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.01

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.02

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.02.1 and previous versions

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.02::unix

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.02:rc1

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.02:rc2

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.02:rc3

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:beta

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc1

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc2

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3

cpe:/a:ocsinventory-ng:ocs_inventory_ng:1.0:rc3-1

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

OSVDB 61942

SECUNIA 38311

Vulnerability Type SQL Injection (CWE-89)

XF ocsinventoryng-searchform-sql-injection(55873)