CVE-2022-27596 — SQL Injection in Systems INC QTS

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

21.0%

top 4.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC QTS Qnap Systems INC Quts Hero Qnap QTS +1 more

Timeline

PublishedJan 30

Description

A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDqnap/quts_heroh5.0.1 — h5.0.1.2248

▶CVEListV5qnap_systems_inc/quts_heroh5.0.1 — h5.0.1.2248 build 20221215

▶NVDqnap/qts5.0.1 — 5.0.1.2234

▶CVEListV5qnap_systems_inc/qts5.0.1 — 5.0.1.2234 build 20221201

🔴Vulnerability Details

GHSA

GHSA-xj35-32mv-jpmp: A vulnerability has been reported to affect QNAP device running QuTS hero, QTS↗2023-01-30

▶

CVEList

Vulnerability in QTS↗2023-01-30

▶