cbcvebase.
CVE-2018-0714
published 2018-08-13

CVE-2018-0714: Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528…

critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application.

Affected

2 ranges
VendorProductVersion rangeFixed in
qnaphelpdesk<= 1.1.21
qnaphelpdesk_in_qts