CVE-2023-39295

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 38.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. QumagieQnap Qumagie
Timeline
PublishedNov 10

Description

An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDqnap/qumagie< 2.1.4
CVEListV5qnap_systems_inc./qumagie2.1.x2.1.3

🔴Vulnerability Details

2
GHSA
GHSA-72j3-3gqw-xqfj: An OS command injection vulnerability has been reported to affect QuMagie2023-11-10
CVEList
QuMagie2023-11-10
CVE-2023-39295 (HIGH CVSS 8.8) | An OS command injection vulnerabili | cvebase.io