CVE-2023-34976

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 61.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Video StationQnap Video Station
Timeline
PublishedOct 13

Description

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

NVDqnap/video_station< 5.7.0
CVEListV5qnap_systems_inc./video_station5.7.x5.7.0 ( 2023/07/27 )

🔴Vulnerability Details

2
CVEList
Video Station2023-10-13
GHSA
GHSA-p9mf-x9hh-r538: A SQL injection vulnerability has been reported to affect Video Station2023-10-13
CVE-2023-34976 (HIGH CVSS 8.8) | A SQL injection vulnerability has b | cvebase.io