CVE-2022-27596
CRITICALQNAP QTS 5.0.1-5.0.1.2234 and QuTS hero h5.0.1-h5.0.1.2248 - SQL Injection
Title source: llmDescription
A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later
References (1)
Core 1
Core References
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-23-01
Scores
CVSS v3
9.8
EPSS
0.2095
EPSS Percentile
95.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (2)
qnap/qts
5.0.1 - 5.0.1.2234
qnap/quts_hero
h5.0.1 - h5.0.1.2248
Published
Jan 30, 2023
Tracked Since
Feb 18, 2026