Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo station vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-19956
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerability could allow remote malicious users to inject malicious code. This issue affects: QNAP Systems Inc. Photo Station versions before 5.7.11; versions ...
Qnap Photo Station
7.5
CVSSv3
CVE-2022-22681
Session fixation vulnerability in access control management in Synology Photo Station prior to 6.8.16-3506 allows remote malicious users to bypass security constraint via unspecified vectors.
Synology Photo Station
5.4
CVSSv3
CVE-2017-9555
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.0-3414 allows remote malicious users to inject arbitrary web script or HTML via the image parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
5.3
CVSSv3
CVE-2017-12080
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain sensitive system information via .htaccess file.
Synology Photo Station
9.8
CVSSv3
CVE-2021-29089
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station prior to 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.
Synology Photo Station
9.8
CVSSv3
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
6.1
CVSSv3
CVE-2018-0715
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and previous versions could allow remote malicious users to inject Javascript code in the compromised application.
Qnap Photo Station
1 EDB exploit
9.8
CVSSv3
CVE-2021-44057
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows malicious users to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo St...
Qnap Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »