CVE-2023-34976: Video Station
First published: Fri Oct 13 2023(Updated: )
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
Credit: security@qnapsecurity.com.tw security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP Video Station | <5.7.0 |
Remedy
We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2023-34976.
What is the severity of CVE-2023-34976?
The severity of CVE-2023-34976 is high with a score of 8.8.
Which software version is affected by CVE-2023-34976?
Video Station versions up to but not including 5.7.0 are affected by CVE-2023-34976.
How can the SQL injection vulnerability be exploited?
The SQL injection vulnerability can be exploited by authenticated users injecting malicious code via a network.
How can I fix CVE-2023-34976?
To fix CVE-2023-34976, update Video Station to version 5.7.0 (2023/07/27) or later.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- vendor/qnap
- canonical/qnap video station