VDB
CVE-2023-47221
CVE-2023-47221
PUBLISHED
CVSS 5.5 MEDIUM
A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later
EPSS 0.05% · 14.7th percentile
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
EPSS Score
0.05%
14.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| qnap | photo_station | 6.4.0 |
| QNAP Systems Inc. | Photo Station | 6.4.x |
Timeline
- Mar 8, 2024 CVE Published
- Mar 8, 2024 PoC Published
- Mar 8, 2024 PoC Published
- Mar 9, 2024 EPSS Score
- Apr 4, 2024 EPSS Score
- Apr 30, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jun 23, 2024 EPSS Score
- Jul 19, 2024 EPSS Score
- Aug 14, 2024 EPSS Score
- Sep 9, 2024 EPSS Score
- Oct 5, 2024 EPSS Score
References
- https://www.qnap.com/fr-fr/security-advisory/qsa-24-09 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-24-11 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-24-12 advisory
- https://www.qnap.com/fr-fr/security-advisory/qsa-24-13 advisory
- https://www.qnap.com/en/security-advisory/qsa-24-13 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-47221 advisory