Home

Description

An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later

PUBLISHED Reserved 2025-06-16 | Published 2025-11-07 | Updated 2025-11-07 | Assigner qnap




CRITICAL: 9.5CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-89

Product status

Default status
unaffected

2.7.x (custom) before 2.7.0
affected

Credits

Long Hà finder

References

www.qnap.com/en/security-advisory/qsa-25-33

cve.org (CVE-2025-52425)

nvd.nist.gov (CVE-2025-52425)

Download JSON