CyberSec.Space Logo
Back to CVE Browser

CVE-2018-11511

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile39.10th
PublishedAug 16, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.

Affected Platforms (CPE)

πŸ“¦
Asustor

Asustor Data Master

= 3.1.0

References & Advisories

πŸ”— http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/45200/
πŸ”— http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html
πŸ”— https://www.exploit-db.com/exploits/45200/

Related Vulnerabilities

CVE-2018-156947.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations du...

CVE-2018-156956.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due...

CVE-2018-156976.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing ...

CVE-2018-156986.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when ...