SQL Injection Vulnerability in QNAP Operating System
CVE-2024-50387

Currently unrated

Key Information:

Vendor: QNAP
Status: QNAP Operating System
Vendor: CVE Published:; 6 December 2024

What is CVE-2024-50387?

A SQL injection vulnerability has been identified in multiple versions of the QNAP Operating System, allowing remote attackers to inject and execute malicious code. If left unpatched, this flaw poses a significant risk to data integrity and security within affected systems. QNAP has addressed this issue in the SMB Service version 4.15.002 and later, enhancing protection against such attacks.

References

https://www.qnap.com/en/security-advisory/qsa-24-42

EPSS Score

19% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 6, 2024

JSON