Arbitrary SQL Command Execution in Seagate NAS OS 4.3.15.1 via dirId Parameter

Arbitrary SQL Command Execution in Seagate NAS OS 4.3.15.1 via dirId Parameter

CVE-2018-12295 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.

Learn more about our Web Application Penetration Testing UK.