Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.9.1 available

The official documentation can be found on http://wiki.ocsinventory-ng.org. Read it before asking your question.

Where to report vulnerabilities?

Hi,

I recently found a critical security vulnerability in "https://ask.ocsinventory-ng.org/", this vulnerability leads to RCE and an attacker can see all the cache on the server, can delete a post, change contents of the post, monitor real time logs of the *.ocsinventory-ng.org and ultimately get access to the internal network to inject codes and payloads. I tried to reach out GUIDET Francois Xavier on linkedIN but I think he might not reply. Please let me know immediately where to report and whom to contact.

in Core server development by (160 points)
edited by

2 Answers

0 votes
Hello Shahid,
You can contact me to exchange about that.
My mail : damien.belliard at factorfx.com

Regards

Damien
by (460 points)
0 votes
Done!!

shahidhakim0 at gmail.com
by (160 points)
 
Powered by Question2Answer
...