PT-2024-2013 · Qnap · Qts+1
Published: 2024-03-08 · Updated: 2024-05-19
CVE-2024-21901
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
myQNAPcloud versions prior to 1.0.52
QTS versions prior to 4.5.4.2627 build 20231225
Description
A SQL injection vulnerability has been reported that could allow authenticated administrators to inject malicious code over the network. It stems from a lack of protection against attacks on SQL query structure. If exploited, it may allow a remote attacker to execute arbitrary code.
Recommendations
For myQNAPcloud versions prior to 1.0.52, update to version 1.0.52 or later.
For QTS versions prior to 4.5.4.2627 build 20231225, update to version 4.5.4.2627 build 20231225 or later.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Qts
Myqnapcloud