Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
photo station vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
5.4
CVSSv3
CVE-2015-9102
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 prior to 6.0-2638 and 6.3 prior to 6.3-2962 allow remote authenticated malicious users to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) descriptio...
Synology Photo Station
9.8
CVSSv3
CVE-2017-11161
Multiple SQL injection vulnerabilities in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allow remote malicious users to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
Synology Photo Station
6.5
CVSSv3
CVE-2017-11162
Directory traversal vulnerability in synphotoio in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
Synology Photo Station
NA
CVE-2015-4656
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station prior to 6.3-2945 allow remote malicious users to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t para...
Synology Photo Station
8.8
CVSSv3
CVE-2017-16772
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
Synology Photo Station
6.1
CVSSv3
CVE-2020-2502
This cross-site scripting vulnerability in Photo Station allows remote malicious users to inject malicious code. QANP We have already fixed this vulnerability in the following versions of Photo Station. Photo Station 6.0.11 and later
Qnap Photo Station
8.8
CVSSv3
CVE-2018-8926
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
Synology Photo Station
6.1
CVSSv3
CVE-2018-0715
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and previous versions could allow remote malicious users to inject Javascript code in the compromised application.
Qnap Photo Station
1 EDB exploit
8.8
CVSSv3
CVE-2018-8925
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote malicious users to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, o...
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »