CVE-2010-1733

Published: May 6, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected (12)

Products: Ocsinventory Ng: Ocs Inventory Ng

Ocsinventory Ng

1 product

Ocs Inventory Ng

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Ocsinventory Ng Ocs Inventory Ng	Up to 1.02.1
Ocsinventory Ng Ocs Inventory Ng	Version 1.01
Ocsinventory Ng Ocs Inventory Ng	Version 1.02
Ocsinventory Ng Ocs Inventory Ng	Version 1.02
Ocsinventory Ng Ocs Inventory Ng	Version 1.02 rc1
Ocsinventory Ng Ocs Inventory Ng	Version 1.02 rc2
Ocsinventory Ng Ocs Inventory Ng	Version 1.02 rc3
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 beta
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc1
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc2
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc3-1
Ocsinventory Ng Ocs Inventory Ng	Version 1.0 rc3