CVE-2025-29892 — SQL Injection in Systems INC Qsync Central

CWE-89 — SQL Injection3 documents3 sources

Severity

8.7HIGHNVD

EPSS

0.3%

top 51.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Qsync Central Qnap Qsync Central

Timeline

PublishedJun 6

Description

An SQL injection vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.6 ( 2025/03/20 ) and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶NVDqnap/qsync_central4.5.0.3 — 4.5.0.6

▶CVEListV5qnap_systems_inc/qsync_central4.5.x.x — 4.5.0.6 ( 2025/03/20 )

🔴Vulnerability Details

GHSA

GHSA-7pjj-5xf2-pmpg: An SQL injection vulnerability has been reported to affect Qsync Central↗2025-06-06

▶

CVEList

Qsync Central↗2025-06-06

▶