Qnap Qumagie vulnerabilities
10 known vulnerabilities affecting qnap/qumagie.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH6MEDIUM1LOW2
Vulnerabilities
Page 1 of 1
CVE-2025-62857LOWCVSS 2.2≥ 2.0.0, < 2.8.12026-01-02
CVE-2025-62857 [LOW] CWE-79 CVE-2025-62857: A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
QuMagie 2.8.1 and later
nvd
CVE-2025-52425CRITICALCVSS 9.5≥ 2.6.0, < 2.7.02025-11-07
CVE-2025-52425 [CRITICAL] CWE-89 CVE-2025-52425: An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit th
An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following versions:
QuMagie 2.7.0 and later
nvd
CVE-2025-58464HIGHCVSS 7.8≥ 2.7.0, < 2.7.32025-11-07
CVE-2025-58464 [HIGH] CWE-23 CVE-2025-58464: A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, t
A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
QuMagie 2.7.3 and later
nvd
CVE-2024-38642LOWCVSS 1.0v2.3.02024-09-06
CVE-2024-38642 [LOW] CWE-295 CVE-2024-38642: An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited,
An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.
We have already fixed the vulnerability in the following version:
QuMagie 2.3.1 and later
nvd
CVE-2023-47219HIGHCVSS 8.8v2.2.02024-01-05
CVE-2023-47219 [LOW] CWE-89 CVE-2023-47219: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
nvd
CVE-2023-47560HIGHCVSS 8.8v2.2.02024-01-05
CVE-2023-47560 [HIGH] CWE-77 CVE-2023-47560: An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnera
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
nvd
CVE-2023-47559MEDIUMCVSS 5.4v2.2.02024-01-05
CVE-2023-47559 [MEDIUM] CWE-79 CVE-2023-47559: A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vu
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
nvd
CVE-2023-41284HIGHCVSS 8.8fixed in 2.1.42023-11-10
CVE-2023-41284 [HIGH] CWE-89 CVE-2023-41284: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
nvd
CVE-2023-39295HIGHCVSS 8.8fixed in 2.1.42023-11-10
CVE-2023-39295 [HIGH] CWE-78 CVE-2023-39295: An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnera
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.3 and later
nvd
CVE-2023-41285HIGHCVSS 8.8fixed in 2.1.42023-11-10
CVE-2023-41285 [HIGH] CWE-89 CVE-2023-41285: A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.1.4 and later
nvd