Exploit for QNAP QTS Photo Station External Reference - Local File Inclusion (CVE-2022-27593)

Description:

QNAP QTS Photo Station is vulnerable to local file inclusion through an externally controlled reference to a resource. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions:

QTS 5.0.1: Photo Station 6.1.2 and later
QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
QTS 4.3.6: Photo Station 5.7.18 and later
QTS 4.3.3: Photo Station 5.4.15 and later
QTS 4.2.6: Photo Station 5.2.14 and later
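
To triage an asset inventory against the fixed versions in the description, the following added example (not part of the original page or the Nuclei template) compares each device's Photo Station version with the first fixed version for its QTS release. The function names, hostnames and inventory rows are assumptions made for illustration; QTS releases that the description does not list are reported as unknown rather than guessed.

```python
# Added example: patch-status check against the fixed versions in the description.
# Hostnames and inventory rows are constructed sample data.

# (QTS release prefix, first fixed Photo Station version); (4, 5) covers "4.5.x".
FIXED_IN = [
    ((5, 0, 1), (6, 1, 2)),
    ((5, 0, 0), (6, 0, 22)),
    ((4, 5), (6, 0, 22)),
    ((4, 3, 6), (5, 7, 18)),
    ((4, 3, 3), (5, 4, 15)),
    ((4, 2, 6), (5, 2, 14)),
]


def parse_version(text):
    """Turn '5.0.1.2145' into (5, 0, 1); build numbers past the third field are dropped."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def patch_status(qts_version, photo_station_version):
    """Return 'patched', 'vulnerable', or 'unknown' (QTS release not in the list)."""
    qts = parse_version(qts_version)
    app = parse_version(photo_station_version)
    for qts_prefix, fixed in FIXED_IN:
        if qts[:len(qts_prefix)] == qts_prefix:
            # Tuple comparison is numeric, so 6.0.9 sorts below 6.0.22.
            return "patched" if app >= fixed else "vulnerable"
    return "unknown"


def needs_attention(inventory):
    """Return (host, status) for every device that is not confirmed patched."""
    findings = []
    for host, qts_version, app_version in inventory:
        status = patch_status(qts_version, app_version)
        if status != "patched":
            findings.append((host, status))
    return findings


# Constructed inventory: (host, QTS version, Photo Station version).
INVENTORY = [
    ("nas-01.example.internal", "5.0.1.2145", "6.1.2"),
    ("nas-02.example.internal", "4.5.4", "6.0.9"),
    ("nas-03.example.internal", "4.3.6", "5.7.18"),
    ("nas-04.example.internal", "4.3.4", "5.7.18"),
]

if __name__ == "__main__":
    for host, status in needs_attention(INVENTORY):
        print(f"{host}: {status}")
```

Devices reported as unknown run a QTS release outside the list above and should be checked against the vendor advisory in the references.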

Nuclei Template

View the template here: CVE-2022-27593.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-27593.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://attackerkb.com/topics/7We3SjEYVo/cve-2022-27593
https://nvd.nist.gov/vuln/detail/CVE-2022-27593
https://www.qnap.com/en/security-advisory/qsa-22-24
https://github.com/20142995/sectool