CVE-2023-50360 — SQL Injection in Systems INC Video Station

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Video Station Qnap Video Station

Timeline

PublishedSep 6

Description

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDqnap/video_station5.0.0 — 5.8.2

▶CVEListV5qnap_systems_inc/video_station5.8.x — 5.8.1 ( 2024/02/26 )

🔴Vulnerability Details

GHSA

GHSA-5x78-3xcj-2hqh: A SQL injection vulnerability has been reported to affect Video Station↗2024-09-06

▶

CVEList

Video Station↗2024-09-06

▶