Lucene search

PRIOn knowledge basePRION:CVE-2024-21901

HistoryMar 08, 2024 - 5:15 p.m.

Sql injection

2024-03-0817:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

vulnerability

myqnapcloud

administrators

malicious code

network

fixed

nvd

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.1%

JSON

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.

We have already fixed the vulnerability in the following versions:
myQNAPcloud 1.0.52 ( 2023/11/24 ) and later
QTS 4.5.4.2627 build 20231225 and later

CPENameOperatorVersion
myqnapcloudlt1.0.52
qtseq4.5.4.2627
qtslt4.5.4.2627

Name	Operator	Version
myqnapcloud	lt	1.0.52
qts	eq	4.5.4.2627
qts	lt	4.5.4.2627

References

www.qnap.com/en/security-advisory/qsa-24-09