Synology

Photo Station

33 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-22681

  • EPSS 0.36%
  • Published 06.07.2022 08:15:07
  • Last modified 21.11.2024 06:47:15

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

10

CVE-2021-29089

  • EPSS 1.02%
  • Published 02.06.2021 03:15:06
  • Last modified 21.11.2024 06:00:41

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vec...

6.5

CVE-2021-29091

  • EPSS 0.15%
  • Published 02.06.2021 02:15:07
  • Last modified 21.11.2024 06:00:41

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.

9

CVE-2021-29090

  • EPSS 1.41%
  • Published 02.06.2021 02:15:06
  • Last modified 21.11.2024 06:00:41

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vector...

8.8

CVE-2021-29092

  • EPSS 1.9%
  • Published 01.06.2021 14:15:09
  • Last modified 21.11.2024 06:00:41

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.

6.5

CVE-2019-11822

  • EPSS 0.19%
  • Published 30.06.2019 15:15:09
  • Last modified 21.11.2024 04:21:50

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.

9.8

CVE-2019-11821

  • EPSS 0.39%
  • Published 30.06.2019 15:15:09
  • Last modified 21.11.2024 04:21:49

SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.

6.8

CVE-2018-13282

  • EPSS 0.28%
  • Published 31.10.2018 16:29:00
  • Last modified 21.11.2024 03:46:45

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

8.8

CVE-2018-8926

  • EPSS 0.43%
  • Published 08.06.2018 13:29:01
  • Last modified 21.11.2024 04:14:37

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

8.8

CVE-2018-8925

  • EPSS 0.15%
  • Published 08.06.2018 13:29:01
  • Last modified 21.11.2024 04:14:36

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4...