Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
synology photo station vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to upload arbitrary files via the uploadphoto parameter.
Synology Photo Station
7.5
CVSSv3
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station prior to 6.5.3-3226 allows remote malicious users to read arbitrary files via a full pathname in the id parameter.
Synology Photo Station
9.8
CVSSv3
CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station prior to 6.8.11-3489 and prior to 6.3-2977 allows remote malicious users to execute arbitrary SQL command via the type parameter.
Synology Photo Station
8.8
CVSSv3
CVE-2017-16772
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
Synology Photo Station
8.8
CVSSv3
CVE-2018-8925
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station prior to 6.8.5-3471 and prior to 6.3-2975 allows remote malicious users to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, o...
Synology Photo Station
7.2
CVSSv3
CVE-2021-29090
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
Synology Photo Station
8.8
CVSSv3
CVE-2021-29092
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station prior to 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Synology Photo Station
6.1
CVSSv3
CVE-2017-16771
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station prior to 6.8.3-3463 and prior to 6.3-2971 allows remote malicious users to inject arbitrary web script or HTML via the username parameter.
Synology Photo Station
6.5
CVSSv3
CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station prior to 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Synology Photo Station
7.5
CVSSv3
CVE-2017-12079
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station prior to 6.8.1-3458 and prior to 6.3-2970 allows remote malicious users to obtain arbitrary files via prog_id field.
Synology Photo Station
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »