2 matches found
CVE-2019-11829
OS command injection vulnerability in driverssynoimportuser.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header...
CVE-2019-11829
CVE-2019-11829 affects Synology Calendar versions prior to 2.3.1-0617, where the vulnerability resides in the drivers_syno_import_user.php component. A remote attacker can exploit an OS command injection by crafting the X-Real-IP header, potentially leading to arbitrary command execution with hig...