Directory traversal

2017-05-1220:29:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.4%

JSON

Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

CPENameOperatorVersion
photo_stationeq<= 6.5.2-3225

CPE	Name	Operator	Version
	photo_station	eq	<= 6.5.2-3225

References

bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/

www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226