Synology DiskStation Manager <= 4.3-3827 'value' Parameter SQL Injection Vulnerability

2014-03-14T00:00:00
ID 8160.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00

Description

The observed version of Synology DiskStation Manager is 4.3-3827 or earlier and is therefore affected by a SQL injection vulnerability: the 'value' parameter passed to the 'photo/include/blog/article.php' script is not sufficiently sanitized before it is used in a SQL query.

                                        