Vulnerabilities > CVE-2015-6036 - Unspecified vulnerability in Qnap Sinage Station 2.0.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

qnap

nessus

NVD

Published: 2016-02-27

Updated: 2016-03-02

Summary

QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. <a href="http://cwe.mitre.org/data/definitions/290.html">CWE-290: Authentication Bypass by Spoofing</a>

Vulnerable Configurations

Part	Description	Count
Application	Qnap Qnap Sinage Station 2.0.0	1

Nessus

NASL family	CGI abuses
NASL id	SIGNAGESTATION_UPLOAD.NASL
description	The version of QNAP Signage Station running on the remote host is affected by an arbitrary file upload vulnerability in the contentTemplateDownload.php script. A remote attacker can exploit this, via an HTTP request, to upload arbitrary files.
last seen	2020-06-01
modified	2020-06-02
plugin id	90201
published	2016-03-25
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/90201
title	QNAP Signage Station Arbitrary File Upload Vulnerability

References

http://www.kb.cert.org/vuls/id/444472