CVE-2023-47221 — Path Traversal in Systems INC Photo Station

CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

CNA5.5

EPSS

0.0%

top 85.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Photo Station Qnap Photo Station

Timeline

PublishedMar 8

Description

A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDqnap/photo_station6.4.0 — 6.4.2

▶CVEListV5qnap_systems_inc/photo_station6.4.x — 6.4.2 ( 2023/12/15 )

🔴Vulnerability Details

CVEList

Photo Station↗2024-03-08

▶

GHSA

GHSA-2v7w-v8fj-mf99: A path traversal vulnerability has been reported to affect Photo Station↗2024-03-08

▶