QNAP Qumagie

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in QNAP Qumagie.

By the Year

In 2026 there have been 0 vulnerabilities in QNAP Qumagie. Last year, in 2025 Qumagie had 2 security vulnerabilities published. Right now, Qumagie is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	2	0.00
2024	4	7.70
2023	3	8.80

It may take a day or so for new Qumagie vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent QNAP Qumagie Security Vulnerabilities

SQLi in QuMagie <2.7.0 Unauthenticated Remote Code Exec
CVE-2025-52425 - November 07, 2025

An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later

SQL Injection

QuMagie <2.7.3 Path Traversal CVE-2025-58464
CVE-2025-58464 - November 07, 2025

A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3 and later

Relative Path Traversal

Improper Cert Validation in QuMagie <2.3.1 Enables Local Network Abuse
CVE-2024-38642 7.8 - High - September 06, 2024

An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later

Improper Certificate Validation

SQL Injection in QuMagie (before 2.2.1) Authenticated Network Exploit
CVE-2023-47219 8.8 - High - January 05, 2024

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later

SQL Injection

QuMagie 2.2.1 Fixed: Authenticated OS Command Injection via Network
CVE-2023-47560 8.8 - High - January 05, 2024

An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later

Shell injection

Authenticated XSS in QuMagie < 2.2.1 (fixed in 2.2.1)
CVE-2023-47559 5.4 - Medium - January 05, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later

XSS

SQLi Vulnerability in QuMagie <2.1.4 via Authenticated Network Access
CVE-2023-41285 8.8 - High - November 10, 2023

QuMagie SQLi for Authenticated Users (pre-2.1.4)
CVE-2023-41284 8.8 - High - November 10, 2023

QuMagie OS Command Injection (V5) Authenticated Nwk Exec Fixed in 2.1.3
CVE-2023-39295 8.8 - High - November 10, 2023

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for QNAP Qumagie or by QNAP? Click the Watch button to subscribe.

QNAP
Vendor

QNAP Qumagie
Product

QNAP Qumagie

Don't miss out!

By the Year

Recent QNAP Qumagie Security Vulnerabilities

SQLi in QuMagie <2.7.0 Unauthenticated Remote Code Exec CVE-2025-52425 - November 07, 2025

QuMagie <2.7.3 Path Traversal CVE-2025-58464 CVE-2025-58464 - November 07, 2025

Improper Cert Validation in QuMagie <2.3.1 Enables Local Network Abuse CVE-2024-38642 7.8 - High - September 06, 2024

SQL Injection in QuMagie (before 2.2.1) Authenticated Network Exploit CVE-2023-47219 8.8 - High - January 05, 2024

QuMagie 2.2.1 Fixed: Authenticated OS Command Injection via Network CVE-2023-47560 8.8 - High - January 05, 2024

Authenticated XSS in QuMagie < 2.2.1 (fixed in 2.2.1) CVE-2023-47559 5.4 - Medium - January 05, 2024

SQLi Vulnerability in QuMagie <2.1.4 via Authenticated Network Access CVE-2023-41285 8.8 - High - November 10, 2023

QuMagie SQLi for Authenticated Users (pre-2.1.4) CVE-2023-41284 8.8 - High - November 10, 2023

QuMagie OS Command Injection (V5) Authenticated Nwk Exec Fixed in 2.1.3 CVE-2023-39295 8.8 - High - November 10, 2023