CVEs (2)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Asustor 1Asustor Data Master Nov 21, 2024 Aug 16, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI. |
1Asustor 1Asustor Data Master Nov 21, 2024 Aug 16, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a...Show more |