Photo Station Security Vulnerabilities and Issues — Photo Station CVE List

Lucene search

SynologyPhoto Station

6 matches found

CVE•added 2017/08/08 3:29 p.m.•61 views

CVE-2017-11155

An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.

7.5CVSS7.2AI score0.35175EPSS

CVE•added 2017/08/08 3:29 p.m.•57 views

CVE-2017-11151

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

9.8CVSS9.5AI score0.14779EPSS

CVE•added 2017/08/08 3:29 p.m.•47 views

CVE-2017-11153

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

9.8CVSS9.3AI score0.15084EPSS

CVE•added 2017/08/08 3:29 p.m.•43 views

CVE-2017-11154

Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.

7.2CVSS7.5AI score0.06862EPSS

CVE•added 2017/08/08 3:29 p.m.•40 views

CVE-2017-11152

Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.

7.5CVSS7.9AI score0.14053EPSS

CVE•added 2017/08/24 7:29 p.m.•38 views

CVE-2017-9555

Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.

5.4CVSS5.4AI score0.00234EPSS