Lucene search
CVE-2018-11511
The photo gallery app in ASUSTOR ADM 3.1.0.RFQ3 is vulnerable to SQL injection via 'album_id' or 'scope' parameter
Show more
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | ASUSTOR ADM 3.1 scope SQL Injection | 3 Nov 201800:00 | – | dsquare |
| ASUSTOR ADM 3.1 album_id SQL Injection | 3 Nov 201800:00 | – | dsquare |
 | CVE-2018-11511 | 16 Aug 201820:29 | – | nvd |
 | Sql injection | 16 Aug 201820:29 | – | prion |
 | CVE-2018-11511 | 16 Aug 201820:00 | – | cvelist |
 | CVE-2018-11511 | 16 Aug 201800:00 | – | attackerkb |
 | ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection | 15 Aug 201800:00 | – | exploitdb |
 | ASUSTOR NAS ADM 3.1.0 Remote Command Execution / SQL Injection | 14 Aug 201800:00 | – | packetstorm |
 | ASUSTOR ADM <= 3.1.2.RHG1 Multiple Vulnerabilities - Active Check | 29 Jun 201800:00 | – | openvas |
 | ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution SQL Injection | 15 Aug 201800:00 | – | exploitpack |
10
Node
| Source | Link |
|---|---|
| packetstormsecurity | www.packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html |
| exploit-db | www.exploit-db.com/exploits/45200/ |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| album_id | request body | /photo-gallery/api/album/tree_lists/ | The album_id parameter in the photo-gallery/api/album/tree_lists/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| start | request body | /photo-gallery/api/album/tree_lists/ | The album_id parameter in the photo-gallery/api/album/tree_lists/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| limit | request body | /photo-gallery/api/album/tree_lists/ | The album_id parameter in the photo-gallery/api/album/tree_lists/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| order | request body | /photo-gallery/api/album/tree_lists/ | The album_id parameter in the photo-gallery/api/album/tree_lists/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| api | request body | /photo-gallery/api/album/tree_lists/ | The album_id parameter in the photo-gallery/api/album/tree_lists/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| keyword | request body | /photo-gallery/api/photo/search/ | The scope parameter in the photo-gallery/api/photo/search/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| scope | request body | /photo-gallery/api/photo/search/ | The scope parameter in the photo-gallery/api/photo/search/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| start | request body | /photo-gallery/api/photo/search/ | The scope parameter in the photo-gallery/api/photo/search/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| limit | request body | /photo-gallery/api/photo/search/ | The scope parameter in the photo-gallery/api/photo/search/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
| order | request body | /photo-gallery/api/photo/search/ | The scope parameter in the photo-gallery/api/photo/search/ endpoint is vulnerable to SQL injection, allowing attackers to manipulate SQL queries. | CWE-89 |
10
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo16 Aug 2018 20:29Current
9.6High risk
Vulners AI Score9.6
CVSS27.5
CVSS39.8
EPSS0.00346