QNAP QTS and QuTS hero SQL Injection Vulnerability (CVE-2022-27596) Notice

February 3, 2023

Overview On January 31, 2023, NSFOCUS CERT detected that QNAP officially released a QNAP QTS and QuTS hero SQL injection vulnerability (CVE-2022-27596) notice. Due to the flaws in QNAP QTS and QuTS hero, unauthenticated remote attackers can use this vulnerability to inject malicious code on QNAP NAS devices, and ultimately achieve arbitrary code execution. The […]

SQL Injection Revealing the Truth Behind Information Disclosure

November 15, 2019

I. Principle

At present, there has been a great deal of news coverage about information disclosure. A large amount of information is constantly disclosed and sold through various websites, resulting in endless cases of telecom fraud. We have already known that SQL injection is the culprit responsible for all the cases. An SQL injection attack refers to an act of inserting SQL statements into parameter included in web forms, domain names, or page requests, in an attempt to trick the server into executing malicious SQL commands to obtain all information in the database. (more…)


Subscribe to the NSFOCUS Blog