Published: 08/08/2017 Updated: 09/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in synotheme_upload.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to upload arbitrary files without authentication via the logo_upload action.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

synology photo station 6.3-2967

synology photo station


''' Source: blogssecuriteamcom/indexphp/archives/3356 Vulnerability details The remote code execution is a combination of 4 different vulnerabilities: Upload arbitrary files to the specified directories Log in with a fake authentication mechanism Log in to Photo Station with any identity Execute arbitrary code by authenticated user wit ...