Photo Station@6.8 Security Vulnerabilities and Issues — Photo Station@6.8 CVE List

Lucene search

SynologyPhoto Station6.8

11 matches found

CVE•added 2021/06/01 2:15 p.m.•146 views

CVE-2021-29092

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.

8.8CVSS8.6AI score0.01896EPSS

CVE•added 2021/06/02 3:15 a.m.•78 views

CVE-2021-29089

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.

10CVSS9.8AI score0.01023EPSS

CVE•added 2021/06/02 2:15 a.m.•76 views

CVE-2021-29090

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.

9CVSS7.2AI score0.01405EPSS

CVE•added 2021/06/02 2:15 a.m.•76 views

CVE-2021-29091

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.

7.7CVSS6.1AI score0.00147EPSS

CVE•added 2019/06/30 3:15 p.m.•73 views

CVE-2019-11822

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.

6.5CVSS6.6AI score0.00204EPSS

CVE•added 2019/06/30 3:15 p.m.•64 views

CVE-2019-11821

SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.

9.8CVSS9.9AI score0.00392EPSS

CVE•added 2017/12/04 7:29 p.m.•50 views

CVE-2017-12079

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.

7.5CVSS7.5AI score0.00297EPSS

CVE•added 2018/03/22 2:29 p.m.•47 views

CVE-2017-16772

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

8.8CVSS8.5AI score0.01375EPSS

CVE•added 2017/12/04 7:29 p.m.•41 views

CVE-2017-12080

An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file.

5.3CVSS5.1AI score0.0023EPSS

CVE•added 2018/03/22 2:29 p.m.•40 views

CVE-2017-16771

Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

6.1CVSS6AI score0.0025EPSS

CVE•added 2018/10/31 4:29 p.m.•33 views

CVE-2018-13282

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

6.8CVSS6.3AI score0.00276EPSS