Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later
Analysis
An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later
Technical ContextAI
SQL injection occurs when user-supplied input is incorporated into SQL queries without proper sanitization or parameterized queries.
RemediationAI
Use parameterized queries or prepared statements. Apply input validation and escape special characters. Implement least-privilege database accounts.
More in Video Station
View allSynology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharact
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL c
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL c
QNAP has already patched this vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows
An OS command injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vu
A SQL injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerabil
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high sev
A command injection vulnerability has been reported to affect certain versions of Video Station. Rated high severity (CV
An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who
An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local n
Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772,
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-32088