CVE-2024-56804
published 2025-10-03CVE-2024-56804: An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to…
medium5.3CVSS 4.0
AVNACLATNPRLUINVCLVILVALSCLSILSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version:
Video Station 5.8.4 and later
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | video_station | >= 5.8.0 < 5.8.4 | 5.8.4 |
| qnap_systems_inc | video_station | >= 5.8.x < 5.8.4 | 5.8.4 |