Synology Synology Photo Station

18 CVEs affecting Synology Synology Photo Station. Latest disclosed: 2021-06-02. Critical: 5, High: 9.

Top CVEs affecting Synology Synology Photo Station
CVE	Severity	Score	Published	Summary
`CVE-2021-29089`	Critical	`9.8`	2021-06-02	Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8…
`CVE-2017-11161`	Critical	`9.8`	2017-09-08	Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via th…
`CVE-2017-11153`	Critical	`9.8`	2017-08-08	Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrat…
`CVE-2017-11151`	Critical	`9.8`	2017-08-08	A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without auth…
`CVE-2016-10329`	Critical	`9.8`	2017-05-12	Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharac…
`CVE-2021-29092`	High	`8.8`	2021-06-01	Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authentic…
`CVE-2017-9552`	High	`7.8`	2017-06-13	A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Stat…
`CVE-2021-29091`	High	`7.7`	2021-06-02	Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8…
`CVE-2017-11155`	High	`7.5`	2017-08-08	An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system…
`CVE-2017-11152`	High	`7.5`	2017-08-08	Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary…
`CVE-2016-10331`	High	`7.5`	2017-05-12	Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathna…
`CVE-2021-29090`	High	`7.2`	2021-06-02	Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-350…
`CVE-2017-11154`	High	`7.2`	2017-08-08	Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arb…
`CVE-2016-10330`	High	`7.1`	2017-05-12	Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arb…
`CVE-2017-12071`	Medium	`6.5`	2017-09-08	Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users…
`CVE-2017-11162`	Medium	`6.5`	2017-09-08	Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary fi…
`CVE-2017-9555`	Medium	`5.4`	2017-08-24	Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web…
`CVE-2017-16769`			2018-02-23	Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-pro…