CVE-2018-19952

If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.4.3:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-11-02 16:15

Updated : 2024-02-04 21:23


NVD link : CVE-2018-19952

Mitre link : CVE-2018-19952

CVE.ORG link : CVE-2018-19952


JSON object : View

Products Affected

qnap

  • qts
  • music_station
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-20

Improper Input Validation

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-943

Improper Neutralization of Special Elements in Data Query Logic