Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Photo_station
(Synology)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 33 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-05-12 | CVE-2016-10330 | Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. | Photo_station | 7.1 | ||
2019-06-30 | CVE-2019-11821 | SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | Photo_station | 9.8 | ||
2019-06-30 | CVE-2019-11822 | Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. | Photo_station | 6.5 | ||
2022-07-06 | CVE-2022-22681 | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors. | Photo_station | 7.5 | ||
2021-06-02 | CVE-2021-29090 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors. | Photo_station | 7.2 | ||
2021-06-02 | CVE-2021-29091 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors. | Photo_station | 6.5 | ||
2021-06-02 | CVE-2021-29089 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. | Photo_station | 9.8 | ||
2021-06-01 | CVE-2021-29092 | Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors. | Photo_station | 8.8 | ||
2018-06-08 | CVE-2018-8926 | Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. | Photo_station | 8.8 | ||
2018-06-08 | CVE-2018-8925 | Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. | Photo_station | 8.8 |