Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS prior to 4.1.0 allows remote malicious users to read arbitrary files via a full pathname in the f parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qnap qts |
||
qnap qts 4.0 |