Vulnerabilities > Synology > Photo Station > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-08 CVE-2017-11161 SQL Injection vulnerability in Synology Photo Station
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
network
low complexity
synology CWE-89
7.5
2017-08-08 CVE-2017-11153 Deserialization of Untrusted Data vulnerability in Synology Photo Station
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
network
low complexity
synology CWE-502
7.5
2017-08-08 CVE-2017-11151 Improper Authentication vulnerability in Synology Photo Station
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
network
low complexity
synology CWE-287
7.5
2017-05-12 CVE-2016-10330 Path Traversal vulnerability in Synology Photo Station
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
local
low complexity
synology CWE-22
7.1
2017-05-12 CVE-2016-10329 Command Injection vulnerability in Synology Photo Station
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
network
low complexity
synology CWE-77
7.5
2017-04-10 CVE-2016-10323 Permissions, Privileges, and Access Controls vulnerability in Synology Photo Station
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
local
low complexity
synology CWE-264
7.2