CVE-2018-12483
OCS Inventory NG 2.4.1 is vulnerable to remote command execution. The flaw arises when the ipdiscover_analyser rzo GET parameter is concatenated into a string used by PHP’s exec() call, allowing authenticated attackers to execute arbitrary commands. Authentication is required to exploit. The avai...