CVE-2024-21901

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qnap:myqnapcloud:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.5.4.2627:-:*:*:*:*:*:*

History

13 Mar 2024, 14:23

Type Values Removed Values Added
First Time Qnap qts
Qnap myqnapcloud
Qnap
CPE cpe:2.3:o:qnap:qts:4.5.4.2627:-:*:*:*:*:*:*
cpe:2.3:a:qnap:myqnapcloud:*:*:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Summary
  • (es) Se ha informado que una vulnerabilidad de inyección SQL afecta a myQNAPcloud. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados inyectar código malicioso a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: myQNAPcloud 1.0.52 (2023/11/24) y posteriores QTS 4.5.4.2627 compilación 20231225 y posteriores
References () https://www.qnap.com/en/security-advisory/qsa-24-09 - () https://www.qnap.com/en/security-advisory/qsa-24-09 - Vendor Advisory

08 Mar 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-08 17:15

Updated : 2024-03-13 14:23


NVD link : CVE-2024-21901

Mitre link : CVE-2024-21901

CVE.ORG link : CVE-2024-21901


JSON object : View

Products Affected

qnap

  • qts
  • myqnapcloud
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')