Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology photo station vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to read arbitrary files via a full pathname in the id parameter.
Synology Photo Station
5.4
CVSSv3
CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 prior to 6.0-2638 and 6.3 prior to 6.3-2962 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) descriptio...
Synology Photo Station
NA
CVE-2015-4656
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station prior to 6.3-2945 allow remote malicious users to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t para...
Synology Photo Station
9.8
CVSSv3
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
9.8
CVSSv3
CVE-2017-11161
Multiple SQL injection vulnerabilities in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allow remote malicious users to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
Synology Photo Station
6.5
CVSSv3
CVE-2017-11162
Directory traversal vulnerability in synphotoio in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Photo Station
6.5
CVSSv3
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
5.4
CVSSv3
CVE-2017-12072
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
Synology Photo Station
7.5
CVSSv3
CVE-2017-12079
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain arbitrary files via prog_id field.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »