OpenCVE

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Qnap	Video Station

Configuration 1 [-]

cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-24-24

History

Fri, 06 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Qnap Qnap video Station
CPEs		cpe:2.3:a:qnap:video_station::::::::
Vendors & Products		Qnap Qnap video Station
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 06 Sep 2024 16:45:00 +0000

Type	Values Removed	Values Added
Description		A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.1 ( 2024/02/26 ) and later
Title		Video Station
Weaknesses		CWE-89
References		https://www.qnap.com/en/security-advisory/qsa-24-24
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2024-09-06T16:26:55.405Z

Updated: 2024-09-06T17:46:27.496Z

Reserved: 2023-12-07T08:52:25.583Z

Link: CVE-2023-50360

Vulnrichment

Updated: 2024-09-06T17:46:16.446Z

NVD

Status : Analyzed

Published: 2024-09-06T17:15:12.710

Modified: 2024-09-28T23:44:50.720

Link: CVE-2023-50360

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50360", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-12-07T08:52:25.583Z", "datePublished": "2024-09-06T16:26:55.405Z", "dateUpdated": "2024-09-06T17:46:27.496Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Video Station", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "5.8.1 ( 2024/02/26 )", "status": "affected", "version": "5.8.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kaibro and Anonymous"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.<br><br>We have already fixed the vulnerability in the following version:<br>Video Station 5.8.1 ( 2024/02/26 ) and later<br>"}], "value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.1 ( 2024/02/26 ) and later"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-09-06T16:26:55.405Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-24"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>Video Station 5.8.1 ( 2024/02/26 ) and later<br>"}], "value": "We have already fixed the vulnerability in the following version:\nVideo Station 5.8.1 ( 2024/02/26 ) and later"}], "source": {"advisory": "QSA-24-24", "discovery": "EXTERNAL"}, "title": "Video Station", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "qnap", "product": "video_station", "cpes": ["cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "5.8.0", "status": "affected", "lessThan": "5.8.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T17:44:59.546616Z", "id": "CVE-2023-50360", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T17:46:27.496Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-50360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-06T17:44:59.546616Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*"], "vendor": "qnap", "product": "video_station", "versions": [{"status": "affected", "version": "5.8.0", "lessThan": "5.8.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T17:46:16.446Z"}}], "cna": {"title": "Video Station", "source": {"advisory": "QSA-24-24", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Kaibro and Anonymous"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "QNAP Systems Inc.", "product": "Video Station", "versions": [{"status": "affected", "version": "5.8.x", "lessThan": "5.8.1 ( 2024/02/26 )", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "We have already fixed the vulnerability in the following version:\nVideo Station 5.8.1 ( 2024/02/26 ) and later", "supportingMedia": [{"type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>Video Station 5.8.1 ( 2024/02/26 ) and later<br>", "base64": false}]}], "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-24"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.1 ( 2024/02/26 ) and later", "supportingMedia": [{"type": "text/html", "value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.<br><br>We have already fixed the vulnerability in the following version:<br>Video Station 5.8.1 ( 2024/02/26 ) and later<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-09-06T16:26:55.405Z"}}}, "cveMetadata": {"cveId": "CVE-2023-50360", "state": "PUBLISHED", "dateUpdated": "2024-09-06T17:46:27.496Z", "dateReserved": "2023-12-07T08:52:25.583Z", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "datePublished": "2024-09-06T16:26:55.405Z", "assignerShortName": "qnap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*", "matchCriteriaId": "2552122C-93E4-471B-A5BE-D3B931836217", "versionEndExcluding": "5.8.2", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.8.1 ( 2024/02/26 ) and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de inyecci\u00f3n SQL que afecta a Video Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: Video Station 5.8.1 (2024/02/26) y posteriores"}], "id": "CVE-2023-50360", "lastModified": "2024-09-28T23:44:50.720", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}, "published": "2024-09-06T17:15:12.710", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-24-24"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@qnapsecurity.com.tw", "type": "Primary"}]}