cbcvebase.
CVE-2024-21901
published 2024-03-08

Priority: P3 40, medium, 4.7 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:L / I:L / A:L
EPSS: 18.68% (96.9th percentile)

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.

We have already fixed the vulnerability in the following versions:

- myQNAPcloud 1.0.52 ( 2023/11/24 ) and later
- QTS 4.5.4.2627 build 20231225 and later

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | myqnapcloud | < 1.0.52 | 1.0.52 |
| qnap | qts | < 4.5.4.2627 | 4.5.4.2627 |
| qnap | qts | | |
| qnap_systems_inc | myqnapcloud | >= 1.0.x < 1.0.52 ( 2023/11/24 ) | 1.0.52 ( 2023/11/24 ) |
| qnap_systems_inc | qts | >= 4.5.x < 4.5.4.2627 build 20231225 | 4.5.4.2627 build 20231225 |

CVSS provenance

nvd: v3.1, 4.7 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
vendor_oracle: 7.4 HIGH