CVE-2021-32508

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

Path traversal

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

CVE-2021-32508 QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager...

CVE-2021-32508

CVE-2021-32508 affects QSAN Storage Manager: a path traversal via the FileStreaming component allows remote authenticated attackers to access arbitrary files by injecting a symbolic link through the Url path parameter. Vulnerable for versions prior to 3.3.3; fixed in 3.3.3. Impact details and vec...

QSAN Storage Manager 后置链接漏洞

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. A path traversal vulnerability exists in FileStreaming in QSAN Storage Manager 3.3.1 and earlier versions. An attacker can exploit this vulnerability by injecting symbolic links to access arbitrary files...