Vulnerabilities > CVE-2015-6036 - Unspecified vulnerability in Qnap Sinage Station 2.0.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
qnap
nessus

Summary

QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.

Vulnerable Configurations

Part Description Count
Application
Qnap
1

Nessus

NASL familyCGI abuses
NASL idSIGNAGESTATION_UPLOAD.NASL
descriptionThe version of QNAP Signage Station running on the remote host is affected by an arbitrary file upload vulnerability in the contentTemplateDownload.php script. A remote attacker can exploit this, via an HTTP request, to upload arbitrary files.
last seen2020-06-01
modified2020-06-02
plugin id90201
published2016-03-25
reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/90201
titleQNAP Signage Station Arbitrary File Upload Vulnerability