CVE-2023-41287

CWE-89SQL Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.1%
top 67.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Video StationQnap Video Station
Timeline
PublishedJan 5

Description

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDqnap/video_station5.7.05.7.2
CVEListV5qnap_systems_inc./video_station5.7.x5.7.2 ( 2023/11/23 )

🔴Vulnerability Details

2
GHSA
GHSA-chg5-w539-53mr: A SQL injection vulnerability has been reported to affect Video Station2024-01-05
CVEList
Video Station2024-01-05
CVE-2023-41287 (HIGH CVSS 8.8) | A SQL injection vulnerability has b | cvebase.io