Vulnerabilities > CVE-2015-6036 - Unspecified vulnerability in Qnap Sinage Station 2.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | CGI abuses |
NASL id | SIGNAGESTATION_UPLOAD.NASL |
description | The version of QNAP Signage Station running on the remote host is affected by an arbitrary file upload vulnerability in the contentTemplateDownload.php script. A remote attacker can exploit this, via an HTTP request, to upload arbitrary files. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 90201 |
published | 2016-03-25 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/90201 |
title | QNAP Signage Station Arbitrary File Upload Vulnerability |