CVE-2023-23356

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-77
View all →

Vulnerability Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later

Related Vulnerabilities

CVE-2017-1352

MEDIUM
CVSS:5.5(Medium)

IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 1...

CWE-772017

CVE-2018-8306

MEDIUM
CVSS:5.5(Medium)

A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless Displ...

CWE-772018

CVE-2023-28425

MEDIUM
CVSS:5.5(Medium)

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and terminati...

CWE-772023

CVE-2024-8405

MEDIUM
CVSS:5.5(Medium)

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorr...

CWE-772024

CVE-2025-22476

MEDIUM
CVSS:5.5(Medium)

Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attack...

CWE-772025

CVE-2025-2983

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to o...

CWE-772025