CVE-2024-48862 — Link Following in Systems INC Qulog Center

CWE-59 — Link Following3 documents3 sources

Severity

8.7HIGHNVD

EPSS

1.6%

top 18.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Qulog Center Qnap Qulog Center

Timeline

PublishedNov 22

Description

A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.831 ( 2024/10/15 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5qnap_systems_inc/qulog_center1.7.x.x — 1.7.0.831 ( 2024/10/15 )+1

▶NVDqnap/qulog_center1.7.0.800 — 1.7.0.831+1

🔴Vulnerability Details

GHSA

GHSA-9xq2-9jc3-2mjw: A link following vulnerability has been reported to affect QuLog Center↗2024-11-22

▶

CVEList

QuLog Center↗2024-11-22

▶