QuMagie
CVE-2023-41285

7.4HIGH

Key Information:

Vendor: QNAP
Status: Qumagie
Vendor: CVE Published:; 10 November 2023

Summary

A SQL injection vulnerability has been detected in QuMagie, allowing authenticated users to execute unauthorized commands through malicious code injection. This issue could potentially compromise the integrity and security of the application's data. QNAP has addressed this concern by releasing a fix in QuMagie version 2.1.4 and later, rendering earlier versions susceptible to exploitation.

Affected Version(s)

QuMagie 2.1.x < 2.1.4

References

https://www.qnap.com/en/security-advisory/qsa-23-50

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 10, 2023
Vulnerability Reserved
Aug 28, 2023

Credit

rekter0