Synology Photo Station

6 matches found

added 2021/06/02 2:15 a.m. | 75 views

CVE-2021-29090

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.

CVSS: 9 | AI score: 7.2 | EPSS: 0.01405

added 2019/06/30 3:15 p.m. | 63 views

CVE-2019-11821

SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.00392

added 2017/08/08 3:29 p.m. | 57 views

CVE-2017-11151

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.14779

added 2017/09/08 2:29 p.m. | 50 views

CVE-2017-11161

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

CVSS: 9.8 | AI score: 10 | EPSS: 0.00585

added 2017/08/08 3:29 p.m. | 47 views

CVE-2017-11153

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.15084

added 2017/05/12 8:29 p.m. | 42 views

CVE-2016-10329

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.15108