CNNVD-202512-3111 Information
CNNVD ID
CNNVD-202512-3111
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
QNAP Systems Hero和QNAP Systems QTS都是中国威联通科技(QNAP Systems)公司的产品。QNAP Systems Hero是一款用于管理文件的NAS操作系统。该系统保留了QTS的应用生态,整合更强大的128位ZFS文件系统,为企业提供更稳定可靠的NAS存储解决方案。QNAP Systems QTS是一个具有数据存储与管理功能的软件。 QNAP Systems Hero和QNAP Systems QTS存在SQL注入漏洞,该漏洞源于容易受到SQL注入攻击,可能导致执行未授权代码或命令。
Description (English)
QNAP Systems Hero and QNAP Systems QTS are products of QNAP Systems. QNAP Systems Hero is a NAS operating system for managing documents. The system retains the application ecology of QTS, integrates a stronger 128-bit ZFS file system and provides enterprises with more stable and reliable NAS storage solutions. QNAP Systems QTS is a software with data storage and management functions. QNAP Systems Hero and QNAP Systems QTS have an injection loophole in SQL, which stems from their vulnerability to SQL injection attacks and may lead to the execution of unauthorized codes or orders.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
威联通科技
Published
2025-12-16
Last Modified
2026-02-24
References
https://www.qnap.com/en/security-advisory/qsa-25-45
Patch
https://www.qnap.com/en/security-advisory/qsa-25-45
Share on: