安全ID : QSA-24-24
Vulnerabilities in Video Station
发布日期 : September 7, 2024
通用漏洞披露 : CVE-2023-47563 | CVE-2023-50360
受影响产品: Video Station 5.x
严重程度
Important
状态
已解决
Summary
Multiple vulnerabilities have been reported to affect Video Station:
- CVE-2023-47563: If exploited, the OS command injection vulnerability could allow remote attackers to execute arbitrary commands on the operating system through the application's input.
- CVE-2023-50360: If exploited, the SQL injection vulnerability could allow attackers to inject malicious code.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| Video Station 5.x | Video Station 5.8.2 and later |
Recommendation
To fix the vulnerabilities, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click
.
A search box appears. - Type "Video Station" and then press ENTER.
Video Station appears in the search results. - Click Update.
A confirmation message appears.
Note: The Update button is not available if your Video Station is already up to date. - Click OK.
The application is updated.
附件
致谢:
lebr0nli (Alan Li), working with DEVCORE Internship Program for CVE-2023-47563
Kaibro and Anonymous for CVE-2023-50360
修订历史:
V1.0 (September 07, 2024) - Published
