.. / CVE-2019-7192

Exploit for QNAP QTS and Photo Station 6.0.3 - Remote Command Execution (CVE-2019-7192)

Description:

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

Nuclei Template

View the template here CVE-2019-7192.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-7192.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-7192
https://nvd.nist.gov/vuln/detail/CVE-2022-2546
https://patchstack.com/database/vulnerability/all-in-one-wp-migration/wordpress-all-in-one-wp-migration-plugin-7-62-unauthenticated-reflected-cross-site-scripting-xss-vulnerability
https://packetstormsecurity.com/files/157857/QNAP-QTS-And-Photo-Station-6.0.3-Remote-Command-Execution.html
https://medium.com/@cycraft_corp/qnap-pre-auth-root-rce-affecting-312k-devices-on-the-internet-fc8af285622e

.. / CVE-2019-7192 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for QNAP QTS and Photo Station 6.0.3 - Remote Command Execution (CVE-2019-7192)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-7192