Security ID: NAS-201709-29
Security Advisory for SQL Injection in HelpDesk
Release date: September 29, 2017
CVE identifier: CVE-2017-13068
Affected products: QTS Helpdesk versions 1.1.12 and earlier
Severity: Critical
Status: Resolved
Summary
Kacper Szurek, an independent security researcher, reported a vulnerability affecting QTS HelpDesk through Beyond Security’s SecuriTeam Secure Disclosure program. QNAP acknowledges Mr. Szurek’s discovery and appreciates his efforts.
QNAP has already patched this vulnerability. It allows a remote attacker to perform SQL injection against the application and obtain application information. No privileges are required to exploit it: an unauthenticated remote attacker can execute the attack.
This vulnerability is fixed in QTS Helpdesk 1.1.15.
Recommendations
To resolve the issue, update QTS Helpdesk to version 1.1.15:
Upgrading to Helpdesk 1.1.15
- Log on to QTS as administrator.
- Open the App Center and then click the Search icon.
- Type “Helpdesk” and then press ENTER. The Helpdesk application appears in the search results list.
- Click Update. A confirmation message appears.
- Click OK. The application is updated.
Revision History: 2017-09-29