Photo Station Security Vulnerabilities and Issues — Photo Station CVE List

Lucene search

SynologyPhoto Station

6 matches found

CVE•added 2021/06/01 2:15 p.m.•145 views

CVE-2021-29092

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.

8.8CVSS8.6AI score0.01896EPSS

CVE•added 2022/07/06 8:15 a.m.•64 views

CVE-2022-22681

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

8.1CVSS7.5AI score0.00356EPSS

CVE•added 2018/03/22 2:29 p.m.•46 views

CVE-2017-16772

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

8.8CVSS8.5AI score0.01375EPSS

CVE•added 2017/04/10 6:59 p.m.•38 views

CVE-2016-10322

Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.

8.8CVSS8.7AI score0.02815EPSS

CVE•added 2018/06/08 1:29 p.m.•38 views

CVE-2018-8926

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

8.8CVSS8.5AI score0.00428EPSS

CVE•added 2018/06/08 1:29 p.m.•37 views

CVE-2018-8925

Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter.

8.8CVSS8.9AI score0.00145EPSS