CVE-2018-19948

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 68.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. HelpdeskQnap Helpdesk
Timeline
PublishedSep 11
Latest updateMay 24

Description

The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this cross-site request forgery (CSRF) vulnerability could allow attackers to force NAS users to execute unintentional actions through a web application. QNAP has already fixed the issue in Helpdesk 3.0.3 and later.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.5 | Impact: 1.4

Affected Packages2 packages

NVDqnap/helpdesk< 3.0.3
CVEListV5qnap_systems_inc./helpdeskunspecified3.0.3

🔴Vulnerability Details

2
GHSA
GHSA-m2q3-43wc-p9w4: The vulnerability have been reported to affect earlier versions of Helpdesk2022-05-24
CVEList
CVE-2018-19948: The vulnerability have been reported to affect earlier versions of Helpdesk2020-09-11
CVE-2018-19948 (MEDIUM CVSS 6.5) | The vulnerability have been reporte | cvebase.io