CVE-2018-11511

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM version 3.1.0.RFQ3

Description The photo gallery application in ASUSTOR ADM contains a SQL injection issue in the tree list functionality. This issue affects the album id or scope parameter via the "photo-gallery/api/album/tree lists/" URI.

Recommendations For ASUSTOR ADM version 3.1.0.RFQ3, avoid using the album id or scope parameter in the affected API endpoint until the issue is resolved. Restrict access to the "photo-gallery/api/album/tree lists/" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.