Arbitrary SQL Command Execution in Seagate NAS OS 4.3.15.1 via dirId Parameter
CVE-2018-12295 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter.
Learn more about our Web Application Penetration Testing UK.