QuMagie
CVE-2023-41284

7.4HIGH

Key Information:

Vendor: QNAP
Status: Qumagie
Vendor: CVE Published:; 10 November 2023

What is CVE-2023-41284?

A SQL injection vulnerability has been identified in the QuMagie application by QNAP. This flaw allows authenticated users to potentially inject malicious SQL code via a network, exploiting the application's input validation weaknesses. It is essential for users to upgrade to QuMagie version 2.1.4 or later to mitigate the risk associated with this vulnerability. For further details and security advisories, visit the official QNAP security page.

Affected Version(s)

QuMagie 2.1.x < 2.1.4

References

https://www.qnap.com/en/security-advisory/qsa-23-50

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2023
Vulnerability Reserved
Aug 28, 2023

Credit

rekter0