Published: 08/08/2017 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station prior to 6.7.3-3432 and 6.3-2967 allows remote malicious users to write arbitrary files via the path parameter.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

synology photo station 6.3-2967

synology photo station


''' Source: blogssecuriteamcom/indexphp/archives/3356 Vulnerability details The remote code execution is a combination of 4 different vulnerabilities: Upload arbitrary files to the specified directories Log in with a fake authentication mechanism Log in to Photo Station with any identity Execute arbitrary code by authenticated user wit ...