daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

minor update

patch-1
Dhiyaneshwaran 2024-04-05 12:48:03 +05:30 committed by GitHub
parent ee86a3d728
commit 759644dc3c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
http/cves/2023/CVE-2023-47218.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2023-47218
info:
name: QNAP QTS and QuTS Hero - OS Command Injection
author: ritikchaddha
severity: high
severity: medium
description: |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.
reference:
@ -11,11 +11,14 @@ info:
- https://twitter.com/win3zz/status/1760224052289888668/photo/3
- https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/
- https://nvd.nist.gov/vuln/detail/CVE-2023-47218
- https://www.qnap.com/en/security-advisory/qsa-23-57
classification:
cvss-metrics: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 8.3
cwe-id: CWE-78
cvss-metrics: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 5.8
cve-id: CVE-2023-47218
cwe-id: CWE-77
epss-score: 0.01317
epss-percentile: 0.8569
metadata:
verified: true
max-request: 2