Qnap: >> Qumagie >> 2.2.0 Security Vulnerabilities
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
CVSS Score
3.5
EPSS Score
0.003
Published
2024-01-05
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
CVSS Score
5.5
EPSS Score
0.001
Published
2024-01-05
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
QuMagie 2.2.1 and later
CVSS Score
7.4
EPSS Score
0.005
Published
2024-01-05