CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-7195

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score42.5180%
EPSS Percentile86.61th
Published2019年12月5日
Last Modified2025年10月27日

Vulnerability Description

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.

Affected Platforms (CPE)

📦
Qnap

Photo Station

< 6.0.3
📦
Qnap

Photo Station

< 5.7.10
📦
Qnap

Photo Station

< 5.4.9
📦
Qnap

Photo Station

< 5.2.11

References & Advisories

🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 http://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
🔗 https://www.qnap.com/zh-tw/security-advisory/nas-201911-25
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7195

相关漏洞威胁

CVE-2021-290899.8

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synol...

CVE-2019-71929.8

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnera...

CVE-2019-71949.8

This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln...

CVE-2016-103299.8

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitr...