QuMagie
CVE-2023-41284

7.4HIGH

Key Information:

Vendor
QNAP
Status
Qumagie
Vendor
CVE Published:
10 November 2023

Summary

A SQL injection vulnerability has been identified in the QuMagie application by QNAP. This flaw allows authenticated users to potentially inject malicious SQL code via a network, exploiting the application's input validation weaknesses. It is essential for users to upgrade to QuMagie version 2.1.4 or later to mitigate the risk associated with this vulnerability. For further details and security advisories, visit the official QNAP security page.

Affected Version(s)

QuMagie 2.1.x < 2.1.4

References

https://www.qnap.com/en/security-advisory/qsa-23-50

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rekter0
.