CVE-2023-47568

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 2, 2024

Updated: Feb 8, 2024

CWE ID 89

Summary

CVE-2023-47568 is a newly disclosed SQL injection vulnerability that impacts several QNAP operating system versions. This issue allows authenticated users to inject malicious code over a network, posing a significant security risk. The affected versions include QTS 5.1.5 and earlier, QTS 4.5.4 and earlier, QuTS hero h5.1.5 and earlier, QuTS hero h4.5.4 and earlier, and QuTScloud c5.1.5 and earlier. QNAP has released patches for these vulnerabilities, which users should install promptly to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

QNAP QTS

Affected Vendors

QNAP Systems

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tS-BGr
https://www.cve.org/CVERecord?id=CVE-2023-47568
https://nvd.nist.gov/vuln/detail/CVE-2023-47568

Back to Vulnerability Database