Vulnerabilities > Synology > Photo Station

DATE CVE VULNERABILITY TITLE RISK
2017-04-10 CVE-2016-10323 Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
local
low complexity
synology CWE-264
7.8
7.8
2017-04-10 CVE-2016-10322 Command Injection vulnerability in Synology Photo Station
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
network
low complexity
synology CWE-77
8.8
8.8