Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

photo station vulnerabilities and exploits

(subscribe to this query)

4
CVSSv2
CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter....
Synology Photo Station
4.3
CVSSv2
CVE-2017-13073
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML....
Qnap Photo Station
3.5
CVSSv2
CVE-2017-9555
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter....
Synology Photo Station
6.5
CVSSv2
CVE-2016-10322
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php....
Synology Photo Station
6.8
CVSSv2
CVE-2018-13282
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter....
Synology Photo Station
5
CVSSv2
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter....
Synology Photo Station
5
CVSSv2
CVE-2017-12080
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file....
Synology Photo Station
7.5
CVSSv2
CVE-2017-11161
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php....
Synology Photo Station
7.2
CVSSv2
CVE-2016-10323
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command....
Synology Photo Station
6.5
CVSSv2
CVE-2017-16772
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter....
Synology Photo Station
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-35489s assistantcross-site scriptingCVE-2021-28029bam projectvalidationCVE-2021-27363CVE-2021-21326unauthorizedCVE-2021-26855byte struct projectCVE-2020-29030byte struct