Описание
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.21 (включая)
Одновременно
cpe:2.3:a:qnap:helpdesk:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02291
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.
EPSS
Процентиль: 84%
0.02291
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-77