Headline
CVE-2023-41285: Multiple Vulnerabilities in QuMagie - Security Advisory
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later
Security ID : QSA-23-50
Release date : November 11, 2023
CVE identifier : CVE-2023-39295 | CVE-2023-41284 | CVE-2023-41285
Affected products: QuMagie 2.1.x
Summary
Multiple vulnerabilities have been reported to affect QuMagie:
- CVE-2023-39295: If exploited, the OS command injection vulnerability could allow authenticated users to execute commands via a network.
- CVE-2023-41284: If exploited, the SQL injection vulnerability could allow authenticated users to inject malicious code via a network.
- CVE-2023-41285: If exploited, the SQL injection vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerabilities in the following affected version:
Affected Product
Fixed Version
QuMagie 2.1.x
QuMagie 2.1.4 and later
Recommendation
To fix the vulnerabilities, we recommend updating QuMagie to the latest version.
Updating QuMagie
- Log on to your QNAP operating system as an administrator.
- Open App Center and then click .
A search box appears. - Type “QuMagie” and then press ENTER.
QuMagie appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your QuMagie is already up to date. - Click OK.
The application is updated.
Attachment
- CVE-2023-39295.json
- CVE-2023-41284.json
- CVE-2023-41285.json
Acknowledgements: rekter0
Revision History:
V1.0 (November 11, 2023) - Published