2 matches found
CVE-2017-11150
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents...
CVE-2017-11150
CVE-2017-11150 affects Synology Office, affecting Document.php in versions 2.2.0-1502 and 2.2.1-1506. A command-injection flaw allows remote authenticated users to execute arbitrary commands by supplying shell metacharacters in the filename of crafted RTF documents. The underlying cause is input ...