What is CVE-2020-14947?

CVE-2020-14947 is a vulnerability in N/a. Published 2020-06-30.

Is CVE-2020-14947 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-14947

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.

EPSS: 0.747 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

gist.github.com/mhaskar/233436d3096d4a7beafe36ff61dc2c73 (x_refsource_MISC)
drive.google.com/file/d/1-LVfL5ui5m2QfQxr0fDopzSECd4fTNrQ/view (x_refsource_MISC)
shells.systems/ocs-inventory-ng-v2-7-remote-command-execution-cve-2020-14947/ (x_refsource_MISC)
packetstormsecurity.com/files/158293/OCS-Inventory-NG-2.7-Remote-Code-Execution… (x_refsource_MISC)
github.com/OCSInventory-NG/OCSInventory-ocsreports/commit/da72e0fddaeceee44fbbd… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-14947?: CVE-2020-14947 is a vulnerability in N/a. Published 2020-06-30.
Is CVE-2020-14947 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.