CVE-2017-13068

Summary

QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.

Affected Software

VendorProductVersion RangeStatus
QNAPQNAP Helpdesk APPQTS Helpdesk versions 1.1.12 and earlieraffected

Weaknesses

  • SQL Injection in HelpDesk

ADP Enrichment

CVE Program Container

Additional References

References