4 matches found
ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection
ASUSTOR ADM version 3.1.0.RFQ3 is vulnerable to SQL injection via the albumid parameter in the /photo-gallery/api/album/treelists/ endpoint. An attacker can exploit this vulnerability to execute arbitrary SQL commands on the database, potentially leading to information disclosure or further...
VulnCheck KEV: CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...
ASUSTOR ADM SQL Injection Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. photo gallery is one of the photo management applications. An SQL injection vulnerability exists in the 'albumid' and 'scope' parameters of the tree list function of the photo gallery application in ASUSTOR...
CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...