CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-11511

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile39.10th
Published2018年8月16日
Last Modified2024年11月21日

Vulnerability Description

The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI.

Affected Platforms (CPE)

📦
Asustor

Asustor Data Master

= 3.1.0

References & Advisories

🔗 http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html
🔗 https://www.exploit-db.com/exploits/45200/
🔗 http://packetstormsecurity.com/files/148919/ASUSTOR-NAS-ADM-3.1.0-Remote-Command-Execution-SQL-Injection.html
🔗 https://www.exploit-db.com/exploits/45200/

関連する脆弱性情報

CVE-2018-156947.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations du...

CVE-2018-156956.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due...

CVE-2018-156976.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing ...

CVE-2018-156986.5

ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when ...