CyberSec.Space Logo
Back to CVE Browser

CVE-2020-2507

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile12.06th
PublishedFeb 3, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

The vulnerability have been reported to affect earlier versions of QTS. If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3.

Affected Platforms (CPE)

📦
Qnap

Helpdesk

< 3.0.3

References & Advisories

🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-08
🔗 https://www.qnap.com/zh-tw/security-advisory/qsa-20-08

Related Vulnerabilities

CVE-2003-030410.0

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the inst...

CVE-2020-149429.8

Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.

CVE-2020-25009.8

This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can acces...

CVE-2020-126849.8

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML in...