CVE-2020-14947
- Source
- https://cve.org/CVERecord?id=CVE-2020-14947
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-14947.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-14947
- Downstream
- Published
- 2020-06-30T21:15:11.237Z
- Modified
- 2026-04-02T04:10:06.618016Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mibfile in plugins/mainsections/msconfig/mssnmpconfig.php is mishandled in getmib_oid.
- References
-
- https://github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/da72e0fddaeceee44fbbd7241e07e5d53d1eee64
- http://packetstormsecurity.com/files/158293/OCS-Inventory-NG-2.7-Remote-Code-Execution.html
- https://drive.google.com/file/d/1-LVfL5ui5m2QfQxr0fDopzSECd4fTNrQ/view?usp=sharing
- https://gist.github.com/mhaskar/233436d3096d4a7beafe36ff61dc2c73
- https://shells.systems/ocs-inventory-ng-v2-7-remote-command-execution-cve-2020-14947/
Affected packages
Git / github.com/OCSInventory-NG/OCSInventory-ocsreports
Affected ranges
- Type
- GIT
- Repo
- https://github.com/OCSInventory-NG/OCSInventory-ocsreports
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.7" } ] }
- Type
- GIT
- Repo
- https://github.com/ocsinventory-ng/ocsinventory-ocsreports
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed