Security ID : QSA-24-24
Vulnerabilities in Video Station
- Release date : September 7, 2024 
- CVE identifier : CVE-2023-47563 | CVE-2023-50360 
- Affected products: Video Station 5.x 
Severity
Important
Status
Resolved
Summary
Multiple vulnerabilities have been reported to affect Video Station:
- CVE-2023-47563: If exploited, the OS command injection vulnerability could allow remote attackers to execute arbitrary commands on the operating system through the application's input.
- CVE-2023-50360: If exploited, the SQL injection vulnerability could allow attackers to inject malicious code.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version | 
| Video Station 5.x | Video Station 5.8.2 and later | 
Recommendation
To fix the vulnerabilities, we recommend updating Video Station to the latest version.
Updating Video Station
- Log on to QTS or QuTS hero as an administrator.
- Open App Center and then click  . .
 A search box appears.
- Type "Video Station" and then press ENTER.
 Video Station appears in the search results.
- Click Update.
 A confirmation message appears.
 Note: The Update button is not available if your Video Station is already up to date.
- Click OK.
 The application is updated.
Attachment
Acknowledgements: 
lebr0nli (Alan Li), working with DEVCORE Internship Program for CVE-2023-47563
 Kaibro and Anonymous for CVE-2023-50360
Revision History: 
V1.0 (September 07, 2024) - Published
 
                                     
                                    