Synology Photo Station
12 CVEs affecting Synology Photo Station. Latest disclosed: 2022-07-06. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-8926 | High | 8.8 | 2018-06-08 | Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated u… |
| CVE-2018-8925 | High | 8.8 | 2018-06-08 | Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hi… |
| CVE-2022-22681 | High | 8.1 | 2022-07-06 | Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint… |
| CVE-2017-12079 | High | 7.5 | 2017-12-04 | Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote a… |
| CVE-2019-11821 | High | 7.3 | 2019-06-30 | SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbi… |
| CVE-2018-13282 | Medium | 5.6 | 2018-10-31 | Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHP… |
| CVE-2017-12072 | Medium | 5.4 | 2017-12-20 | Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbi… |
| CVE-2015-9102 | Medium | 5.4 | 2017-06-30 | Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers… |
| CVE-2017-12080 | Medium | 5.3 | 2017-12-04 | An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attacker… |
| CVE-2019-11822 | Medium | 4.3 | 2019-06-30 | Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upl… |
| CVE-2017-16772 | | | 2018-03-22 | Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authentic… |
| CVE-2017-16771 | | | 2018-03-22 | Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitr… |