CVE-2018-19952

2020-10-3000:00:00

CWE-20

CWE-943

CWE-80

qnap

www.cve.org

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.

CNA Affected

[
  {
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "5.2.9",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "5.3.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-20-10