Photo Station Security Vulnerabilities and Issues — Photo Station CVE List

Lucene search

SynologyPhoto Station

5 matches found

CVE•added 2019/06/30 3:15 p.m.•72 views

CVE-2019-11822

Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.

6.5CVSS6.6AI score0.00204EPSS

CVE•added 2017/09/08 2:29 p.m.•43 views

CVE-2017-12071

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.

6.5CVSS6.8AI score0.00344EPSS

CVE•added 2017/09/08 2:29 p.m.•41 views

CVE-2017-11162

Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.

6.5CVSS6.6AI score0.00375EPSS

CVE•added 2018/03/22 2:29 p.m.•39 views

CVE-2017-16771

Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

6.1CVSS6AI score0.0025EPSS

CVE•added 2018/10/31 4:29 p.m.•31 views

CVE-2018-13282

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

6.8CVSS6.3AI score0.00276EPSS