Vulnerabilities > Synology > Photo Station > 6.3

DATE CVE VULNERABILITY TITLE RISK
2017-09-08 CVE-2017-11162 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
network
low complexity
synology CWE-22
4.0
4.0
2017-09-08 CVE-2017-11161 SQL Injection vulnerability in Synology Photo Station
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
network
low complexity
synology CWE-89
7.5
7.5
2017-08-24 CVE-2017-9555 Cross-site Scripting vulnerability in Synology Photo Station
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
network
synology CWE-79
3.5
3.5
2017-08-08 CVE-2017-11155 Information Exposure vulnerability in Synology Photo Station
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.
network
low complexity
synology CWE-200
5.0
5.0
2017-08-08 CVE-2017-11154 Unrestricted Upload of File with Dangerous Type vulnerability in Synology Photo Station
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
network
low complexity
synology CWE-434
6.5
6.5
2017-08-08 CVE-2017-11153 Deserialization of Untrusted Data vulnerability in Synology Photo Station
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
network
low complexity
synology CWE-502
7.5
7.5
2017-08-08 CVE-2017-11152 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
network
low complexity
synology CWE-22
5.0
5.0
2017-08-08 CVE-2017-11151 Improper Authentication vulnerability in Synology Photo Station
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
network
low complexity
synology CWE-287
7.5
7.5
2017-06-30 CVE-2015-9102 Cross-site Scripting vulnerability in Synology Photo Station
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos.
network
synology CWE-79
3.5
3.5
2017-05-12 CVE-2016-10331 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
network
low complexity
synology CWE-22
5.0
5.0