Vulnerabilities > Asustor > Asustor Data Master
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-16 | CVE-2018-11511 | SQL Injection vulnerability in Asustor Data Master 3.1.0 The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'album_id' or 'scope' parameter via a photo-gallery/api/album/tree_lists/ URI. | 9.8 |
| 2018-08-16 | CVE-2018-11509 | Use of Hard-coded Credentials vulnerability in Asustor Data Master 3.1.0 ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. | 9.8 |