2 matches found
QNAP HelpDesk SQL Injection(CVE-2017-13068)
Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...
CVE-2017-13068
CVE-2017-13068 affects QNAP QTS Helpdesk (versions 1.1.12 and earlier). The vulnerability arises from insufficient input sanitization in the Helpdesk’s SupportUtils code path, enabling a remote attacker to perform an SQL injection via a crafted request to www/App/Controllers/Cli/SupportUtils.php ...