{"id":"CVE-2018-14857","details":"Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.","modified":"2026-04-02T01:03:14.708236Z","published":"2018-08-06T21:29:00.453Z","references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041418"},{"type":"ADVISORY","url":"https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/cc572819e373f7ff81dec61591b6f465b43c5515"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2018/Aug/6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ocsinventory-ng/ocsinventory-ocsreports","events":[{"introduced":"0"},{"fixed":"cc572819e373f7ff81dec61591b6f465b43c5515"}]},{"type":"GIT","repo":"https://github.com/ocsinventory-ng/ocsinventory-server","events":[{"introduced":"0"},{"last_affected":"aa4d02fe72b289a13e75b7b0bc1ffdbc86747b3f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5"}]}}],"versions":["2.2","2.2.1","2.2Beta2","2.2RC1","2.3","2.3.1","2.3RC1","2.4","2.4.1","2.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14857.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}