Search criteria
58 vulnerabilities found for Photo Station by Synology
VAR-201704-0078
Vulnerability from variot - Updated: 2025-04-21 23:34Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in versions prior to Synology Photo Station 6.3-2958. A local attacker could exploit this vulnerability to gain privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.0-2640"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.0-2638"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.0-2639"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
},
{
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
}
]
},
"cve": "CVE-2016-10323",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10323",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-89088",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-10323",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10323",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-10323",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-473",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-89088",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
},
{
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a \"synophoto_dsm_user --copy-no-ea\" command. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in versions prior to Synology Photo Station 6.3-2958. A local attacker could exploit this vulnerability to gain privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10323"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "VULHUB",
"id": "VHN-89088"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10323",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008359",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-473",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89088",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
},
{
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"id": "VAR-201704-0078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89088"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-21T23:34:04.467000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-us/releaseNote/PhotoStation"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69169"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/oss-sec/2016/q1/236"
},
{
"trust": 1.7,
"url": "https://www.synology.com/en-us/releasenote/photostation"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10323"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10323"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
},
{
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89088"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
},
{
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-89088"
},
{
"date": "2017-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-473"
},
{
"date": "2017-04-10T18:59:00.190000",
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-89088"
},
{
"date": "2017-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008359"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-473"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008359"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-473"
}
],
"trust": 0.6
}
}
VAR-201706-0713
Vulnerability from variot - Updated: 2025-04-20 23:43A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by "synophoto_dsm_user --auth USERNAME PASSWORD", and local users are able to obtain credentials by sniffing "/proc/*/cmdline". Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A local attacker could exploit this vulnerability via the command line to obtain certificates
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0713",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.0-2636"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.4-3166"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.6.1-3346"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2965"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2964"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2963"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.7.1-3419"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.5.1-3223"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.5.0-3218"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.5.2-3225"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.6.3-3347"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.0-2639"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.0-2638"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.0-2640"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.6.0-3339"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2960"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.6.2-3346"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.5.3-3226"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.0-3414"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.0-2528"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2944"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2962"
},
{
"model": "photo station",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.6.1-3345"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "6.7.1-3419 for up to 6.0-2528"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
},
{
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
}
]
},
"cve": "CVE-2017-9552",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9552",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-117755",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2017-9552",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9552",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9552",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-651",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-117755",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117755"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
},
{
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by \"synophoto_dsm_user --auth USERNAME PASSWORD\", and local users are able to obtain credentials by sniffing \"/proc/*/cmdline\". Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A local attacker could exploit this vulnerability via the command line to obtain certificates",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9552"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "VULHUB",
"id": "VHN-117755"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9552",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005133",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-651",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-117755",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117755"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
},
{
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"id": "VAR-201706-0713",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-117755"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:43:03.588000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Photo Station (CVE-2017-9552)",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Photo_Station_CVE_2017_9552"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71024"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-522",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117755"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/photo_station_cve_2017_9552"
},
{
"trust": 1.7,
"url": "http://blog.crozat.net/2017/06/synology-photostation-password-vulnerabilty.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9552"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9552"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117755"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
},
{
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-117755"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
},
{
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-117755"
},
{
"date": "2017-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-651"
},
{
"date": "2017-06-13T13:29:00.173000",
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-117755"
},
{
"date": "2017-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005133"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-651"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9552"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerability in obtaining credentials in authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005133"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-651"
}
],
"trust": 0.6
}
}
VAR-201705-1384
Vulnerability from variot - Updated: 2025-04-20 23:42Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-1384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.5.2-3225"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.5.3-3226"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.5.2-3225"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
},
{
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
}
]
},
"cve": "CVE-2016-10329",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10329",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-89094",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10329",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10329",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-10329",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-721",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-89094",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
},
{
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted \u0027X-Forwarded-For\u0027 header. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "VULHUB",
"id": "VHN-89094"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10329",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008587",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-721",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89094",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
},
{
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"id": "VAR-201705-1384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89094"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:42:13.894000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Photo Station 6.5.3-3226",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226"
},
{
"title": "Synology Photo Station Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70315"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/photo_station_6_5_3_3226"
},
{
"trust": 1.7,
"url": "https://bamboofox.github.io/2017/03/20/synology-bug-bounty-2016/#vul-01-photostation-login-without-password"
},
{
"trust": 1.7,
"url": "https://bamboofox.github.io/2017/03/20/synology-bug-bounty-2016/#vul-02-photostation-remote-code-execution"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2016/q1/236"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10329"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10329"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
},
{
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89094"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
},
{
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-89094"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"date": "2017-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-721"
},
{
"date": "2017-05-12T20:29:00.203000",
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-89094"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008587"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-721"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10329"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station of login.php Vulnerable to command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008587"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-721"
}
],
"trust": 0.6
}
}
VAR-201712-0141
Vulnerability from variot - Updated: 2025-04-20 23:42Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. There is a security vulnerability in the picasa.php file in Synology Photo Station versions earlier than 6.8.1-3458 and versions earlier than 6.3-2970
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0141",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2970"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.1-3458"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
},
{
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
}
]
},
"cve": "CVE-2017-12079",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12079",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-102565",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12079",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12079",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-12079",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102565",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102565"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
},
{
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. There is a security vulnerability in the picasa.php file in Synology Photo Station versions earlier than 6.8.1-3458 and versions earlier than 6.3-2970",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12079"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "VULHUB",
"id": "VHN-102565"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12079",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011195",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-043",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102565",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102565"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
},
{
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"id": "VAR-201712-0141",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102565"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:42:03.926000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:63 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76881"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-552",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102565"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_63_photo_station"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12079"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12079"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102565"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
},
{
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102565"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
},
{
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-04T00:00:00",
"db": "VULHUB",
"id": "VHN-102565"
},
{
"date": "2018-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"date": "2017-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-043"
},
{
"date": "2017-12-04T19:29:00.220000",
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102565"
},
{
"date": "2018-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011195"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-043"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12079"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011195"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-043"
}
],
"trust": 0.6
}
}
VAR-201705-1385
Vulnerability from variot - Updated: 2025-04-20 23:40Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-1385",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.5.2-3225"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.5.3-3226"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.5.2-3225"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
},
{
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
}
]
},
"cve": "CVE-2016-10330",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10330",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-89096",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-10330",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10330",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-10330",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-720",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-89096",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
},
{
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10330"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "VULHUB",
"id": "VHN-89096"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10330",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008588",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-720",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89096",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
},
{
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"id": "VAR-201705-1385",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89096"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:40:09.349000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Photo Station 6.5.3-3226",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226"
},
{
"title": "Synology Photo Station Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70314"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/photo_station_6_5_3_3226"
},
{
"trust": 1.7,
"url": "https://bamboofox.github.io/2017/03/20/synology-bug-bounty-2016/#vul-03-read-write-arbitrary-files"
},
{
"trust": 1.7,
"url": "https://bamboofox.github.io/2017/03/20/synology-bug-bounty-2016/#vul-04-privilege-escalation"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2016/q1/236"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10330"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10330"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
},
{
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89096"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
},
{
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-89096"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"date": "2017-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-720"
},
{
"date": "2017-05-12T20:29:00.250000",
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-89096"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008588"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-720"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10330"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Used in SUID Program synophoto_dsm_user Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-720"
}
],
"trust": 0.6
}
}
VAR-201708-1426
Vulnerability from variot - Updated: 2025-04-20 23:36Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. Synology Photo Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.6.3-3347"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.7.0-3414"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.6.3-3347"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
},
{
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
}
]
},
"cve": "CVE-2017-9555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-9555",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-117758",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2017-9555",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9555",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-9555",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1101",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-117758",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
},
{
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. Synology Photo Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9555"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "VULHUB",
"id": "VHN-117758"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9555",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007304",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1101",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-117758",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
},
{
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"id": "VAR-201708-1426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-117758"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:36:47.819000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:47 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_47_Photo_Station"
},
{
"title": "Synology Photo Station Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74285"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_47_photo_station"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9555"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9555"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
},
{
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-117758"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
},
{
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-117758"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1101"
},
{
"date": "2017-08-24T19:29:00.280000",
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-117758"
},
{
"date": "2017-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007304"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1101"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007304"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1101"
}
],
"trust": 0.6
}
}
VAR-201709-0480
Vulnerability from variot - Updated: 2025-04-20 23:36Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0480",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.3-3432"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.3-3432"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
},
{
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
}
]
},
"cve": "CVE-2017-12071",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-12071",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-102557",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-12071",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12071",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12071",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-345",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102557",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
},
{
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12071"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "VULHUB",
"id": "VHN-102557"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12071",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007659",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-345",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102557",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
},
{
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"id": "VAR-201709-0480",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102557"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:36:47.299000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:35 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_35_PhotoStation"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74671"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_35_photostation"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12071"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12071"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
},
{
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
},
{
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-102557"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"date": "2017-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-345"
},
{
"date": "2017-09-08T14:29:00.290000",
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102557"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007659"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-345"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12071"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Server-side request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007659"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-345"
}
],
"trust": 0.6
}
}
VAR-201706-0042
Vulnerability from variot - Updated: 2025-04-20 23:34Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0042",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2960"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "6.3-2962"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "6.0-2638"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.3"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.0"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2960"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
},
{
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
}
]
},
"cve": "CVE-2015-9102",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2015-9102",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-87063",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2015-9102",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-9102",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-9102",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-1197",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87063",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2015-9102",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87063"
},
{
"db": "VULMON",
"id": "CVE-2015-9102"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
},
{
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9102"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "VULHUB",
"id": "VHN-87063"
},
{
"db": "VULMON",
"id": "CVE-2015-9102"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9102",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007627",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1197",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87063",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-9102",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87063"
},
{
"db": "VULMON",
"id": "CVE-2015-9102"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
},
{
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"id": "VAR-201706-0042",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87063"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:34:21.890000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Photo Station 6.3-2962",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Photo_Station_6_3_2962"
},
{
"title": "Synology Photo Station Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71231"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87063"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.fortiguard.com/zeroday/fg-vd-15-103"
},
{
"trust": 2.6,
"url": "http://www.fortiguard.com/zeroday/fg-vd-15-104"
},
{
"trust": 2.6,
"url": "http://www.fortiguard.com/zeroday/fg-vd-15-109"
},
{
"trust": 2.6,
"url": "http://www.fortiguard.com/zeroday/fg-vd-15-112"
},
{
"trust": 1.8,
"url": "https://www.synology.com/en-global/support/security/photo_station_6_3_2962"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9102"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9102"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87063"
},
{
"db": "VULMON",
"id": "CVE-2015-9102"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
},
{
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87063"
},
{
"db": "VULMON",
"id": "CVE-2015-9102"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
},
{
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-87063"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9102"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1197"
},
{
"date": "2017-06-30T13:29:00.177000",
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-87063"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9102"
},
{
"date": "2017-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007627"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-1197"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-9102"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007627"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-1197"
}
],
"trust": 0.6
}
}
VAR-201704-0077
Vulnerability from variot - Updated: 2025-04-20 23:33Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in versions prior to Synology Photo Station 6.3-2958
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2954"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2954"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
},
{
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
}
]
},
"cve": "CVE-2016-10322",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-10322",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-89087",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-10322",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10322",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-10322",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-474",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-89087",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89087"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
},
{
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in versions prior to Synology Photo Station 6.3-2958",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10322"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "VULHUB",
"id": "VHN-89087"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10322",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008360",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-474",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89087",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89087"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
},
{
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"id": "VAR-201704-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89087"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:33:00.191000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-us/releaseNote/PhotoStation"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69170"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89087"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/oss-sec/2016/q1/236"
},
{
"trust": 1.7,
"url": "https://www.synology.com/en-us/releasenote/photostation"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10322"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10322"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89087"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
},
{
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89087"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
},
{
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-89087"
},
{
"date": "2017-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-474"
},
{
"date": "2017-04-10T18:59:00.157000",
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-89087"
},
{
"date": "2017-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008360"
},
{
"date": "2017-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-474"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008360"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-474"
}
],
"trust": 0.6
}
}
VAR-201705-1386
Vulnerability from variot - Updated: 2025-04-20 23:32Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Chinese company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-1386",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.5.2-3225"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.5.3-3226"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.5.2-3225"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
},
{
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
}
]
},
"cve": "CVE-2016-10331",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-10331",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-89097",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-10331",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-10331",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-10331",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-719",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-89097",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
},
{
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Chinese company",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10331"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "VULHUB",
"id": "VHN-89097"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10331",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008589",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-719",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89097",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
},
{
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"id": "VAR-201705-1386",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89097"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:32:58.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Photo Station 6.5.3-3226",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226"
},
{
"title": "Synology Photo Station Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70313"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/photo_station_6_5_3_3226"
},
{
"trust": 1.7,
"url": "https://bamboofox.github.io/2017/03/20/synology-bug-bounty-2016/#vul-06-local-file-inclusion"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10331"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10331"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
},
{
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89097"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
},
{
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-89097"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"date": "2017-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-719"
},
{
"date": "2017-05-12T20:29:00.283000",
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-89097"
},
{
"date": "2017-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008589"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-719"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-10331"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station of download.php Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-719"
}
],
"trust": 0.6
}
}
VAR-201709-0973
Vulnerability from variot - Updated: 2025-04-20 23:29Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Photo Station Contains a path traversal vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0973",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.3-3432"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.3-3432"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
},
{
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
}
]
},
"cve": "CVE-2017-11162",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-11162",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-101557",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-11162",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11162",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-11162",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-371",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101557",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
},
{
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors. Synology Photo Station Contains a path traversal vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "VULHUB",
"id": "VHN-101557"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11162",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007658",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101557",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
},
{
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"id": "VAR-201709-0973",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101557"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:29:34.005000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:35 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_35_PhotoStation"
},
{
"title": "Synology Photo Station Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99904"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_35_photostation"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11162"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11162"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
},
{
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101557"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
},
{
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-101557"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-371"
},
{
"date": "2017-09-08T14:29:00.260000",
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101557"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-371"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11162"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007658"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-371"
}
],
"trust": 0.6
}
}
VAR-201712-0140
Vulnerability from variot - Updated: 2025-04-20 23:25Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. Synology Photo Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0140",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.0-3456"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
},
{
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
}
]
},
"cve": "CVE-2017-12072",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-12072",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-102558",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2017-12072",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12072",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12072",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-780",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102558",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
},
{
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. Synology Photo Station Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12072"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "VULHUB",
"id": "VHN-102558"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12072",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011604",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-780",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102558",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
},
{
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"id": "VAR-201712-0140",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102558"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:25:53.909000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:80",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_80"
},
{
"title": "Synology Photo Station Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77272"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_80"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12072"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12072"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
},
{
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102558"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
},
{
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-20T00:00:00",
"db": "VULHUB",
"id": "VHN-102558"
},
{
"date": "2018-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"date": "2017-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-780"
},
{
"date": "2017-12-20T18:29:00.230000",
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102558"
},
{
"date": "2018-01-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011604"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-780"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12072"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011604"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-780"
}
],
"trust": 0.6
}
}
VAR-201712-0142
Vulnerability from variot - Updated: 2025-04-20 23:25An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0142",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2970"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.1-3458"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
},
{
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
}
]
},
"cve": "CVE-2017-12080",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-12080",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-102567",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-12080",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12080",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12080",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-042",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-102567",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
},
{
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12080"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "VULHUB",
"id": "VHN-102567"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12080",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011196",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-042",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-102567",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
},
{
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"id": "VAR-201712-0142",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-102567"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:25:53.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:63 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station"
},
{
"title": "Synology Photo Station Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76880"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_63_photo_station"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12080"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12080"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
},
{
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-102567"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
},
{
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-12-04T00:00:00",
"db": "VULHUB",
"id": "VHN-102567"
},
{
"date": "2018-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"date": "2017-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-042"
},
{
"date": "2017-12-04T19:29:00.267000",
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102567"
},
{
"date": "2018-01-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011196"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-042"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12080"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011196"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-042"
}
],
"trust": 0.6
}
}
VAR-201709-0972
Vulnerability from variot - Updated: 2025-04-20 23:24Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. Synology Photo Station Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0972",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.3-3432"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.3-3432"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
},
{
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
}
]
},
"cve": "CVE-2017-11161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11161",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-101556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11161",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11161",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-11161",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-372",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101556",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101556"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
},
{
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php. Synology Photo Station Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11161"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "VULHUB",
"id": "VHN-101556"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11161",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007657",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-372",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101556",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101556"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
},
{
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"id": "VAR-201709-0972",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101556"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:24:53.417000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:35 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_35_PhotoStation"
},
{
"title": "Synology Photo Station SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99905"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101556"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_35_photostation"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11161"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11161"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101556"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
},
{
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101556"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
},
{
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-101556"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-372"
},
{
"date": "2017-09-08T14:29:00.213000",
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101556"
},
{
"date": "2017-09-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007657"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-372"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007657"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-372"
}
],
"trust": 0.6
}
}
VAR-201708-1077
Vulnerability from variot - Updated: 2025-04-20 23:22Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.2-3429"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.2-3429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
},
{
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
}
]
},
"cve": "CVE-2017-11152",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11152",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-101546",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11152",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11152",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11152",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-381",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101546",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101546"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
},
{
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11152"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "VULHUB",
"id": "VHN-101546"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-101546",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101546"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11152",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "42434",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006966",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101546",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101546"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
},
{
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"id": "VAR-201708-1077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101546"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:22:13.334000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:34 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation"
},
{
"title": "Synology Photo Station Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99912"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101546"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_34_photostation"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42434/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11152"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101546"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
},
{
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101546"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
},
{
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-101546"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-381"
},
{
"date": "2017-08-08T15:29:07.740000",
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101546"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-381"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006966"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-381"
}
],
"trust": 0.6
}
}
VAR-201708-1078
Vulnerability from variot - Updated: 2025-04-20 23:22Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. Synology Photo Station Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. There is a security vulnerability in the synophoto_csPhotoMisc.php file in Synology Photo Station versions prior to 6.7.3-3432 and versions prior to 6.3-2967
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.2-3429"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.2-3429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
},
{
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
}
]
},
"cve": "CVE-2017-11153",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11153",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-101547",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11153",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11153",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-11153",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-380",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101547",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
},
{
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload. Synology Photo Station Contains a vulnerability in the deserialization of unreliable data.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. There is a security vulnerability in the synophoto_csPhotoMisc.php file in Synology Photo Station versions prior to 6.7.3-3432 and versions prior to 6.3-2967",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11153"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "VULHUB",
"id": "VHN-101547"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-101547",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101547"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11153",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "42434",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006996",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-380",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101547",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
},
{
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"id": "VAR-201708-1078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101547"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:22:13.309000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:34 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99911"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-502",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_34_photostation"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42434/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11153"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11153"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
},
{
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101547"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
},
{
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-101547"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-380"
},
{
"date": "2017-08-08T15:29:07.773000",
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101547"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006996"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-380"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11153"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to unreliable data deserialization",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006996"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-380"
}
],
"trust": 0.6
}
}
VAR-201708-1080
Vulnerability from variot - Updated: 2025-04-20 23:22An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.2-3429"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.2-3429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
},
{
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
}
]
},
"cve": "CVE-2017-11155",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11155",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-101549",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11155",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11155",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11155",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-378",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101549",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101549"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
},
{
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11155"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "VULHUB",
"id": "VHN-101549"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-101549",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101549"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11155",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "42434",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-378",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101549",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101549"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
},
{
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"id": "VAR-201708-1080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101549"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:22:13.283000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:34 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation"
},
{
"title": "Synology Photo Station Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99909"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-205",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101549"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_34_photostation"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42434/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11155"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11155"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101549"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
},
{
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101549"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
},
{
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-101549"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-378"
},
{
"date": "2017-08-08T15:29:07.837000",
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101549"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006997"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-378"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11155"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006997"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-378"
}
],
"trust": 0.6
}
}
VAR-201708-1076
Vulnerability from variot - Updated: 2025-04-20 23:22A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. Synology Photo Station Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.2-3429"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.2-3429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
},
{
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
}
]
},
"cve": "CVE-2017-11151",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-11151",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-101545",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-11151",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11151",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-11151",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-382",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-101545",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
},
{
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. Synology Photo Station Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11151"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "VULHUB",
"id": "VHN-101545"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-101545",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101545"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11151",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "42434",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-382",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-96600",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "143745",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-101545",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
},
{
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"id": "VAR-201708-1076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101545"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:22:13.258000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:34 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99913"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_34_photostation"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42434/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11151"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11151"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
},
{
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101545"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
},
{
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-101545"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-382"
},
{
"date": "2017-08-08T15:29:07.710000",
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101545"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006995"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-382"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11151"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-382"
}
],
"trust": 0.6
}
}
VAR-201708-1079
Vulnerability from variot - Updated: 2025-04-20 23:22Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. Synology Photo Station Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.7.2-3429"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.7.2-3429"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
},
{
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
}
]
},
"cve": "CVE-2017-11154",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-11154",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-101548",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2017-11154",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-11154",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-11154",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-379",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101548",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101548"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
},
{
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter. Synology Photo Station Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-11154"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "VULHUB",
"id": "VHN-101548"
}
],
"trust": 1.71
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-101548",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101548"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-11154",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "42434",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006967",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-379",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101548",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101548"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
},
{
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"id": "VAR-201708-1079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101548"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:22:13.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:34 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99910"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101548"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_34_photostation"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/42434/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11154"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-11154"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101548"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
},
{
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101548"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
},
{
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-101548"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"date": "2017-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-379"
},
{
"date": "2017-08-08T15:29:07.803000",
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101548"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006967"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-379"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-11154"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to unlimited upload of dangerous types of files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006967"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-379"
}
],
"trust": 0.6
}
}
VAR-201506-0183
Vulnerability from variot - Updated: 2025-04-13 23:09Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/. Synology Photo Station is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities 2. A command-injection vulnerability Attackers may exploit these issues to execute arbitrary commands and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. Synology Photo Station 6.2-2858 is vulnerable; other versions may also be affected. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0183",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2944"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.3-2945"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
},
{
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Han Sahin",
"sources": [
{
"db": "BID",
"id": "74816"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
}
],
"trust": 0.9
},
"cve": "CVE-2015-4656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-4656",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-82617",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4656",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-4656",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82617",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82617"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
},
{
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/. Synology Photo Station is prone to multiple security vulnerabilities, including:\n1. Multiple cross-site scripting vulnerabilities\n2. A command-injection vulnerability\nAttackers may exploit these issues to execute arbitrary commands and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. \nSynology Photo Station 6.2-2858 is vulnerable; other versions may also be affected. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4656"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"db": "BID",
"id": "74816"
},
{
"db": "VULHUB",
"id": "VHN-82617"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-82617",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82617"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4656",
"trust": 2.8
},
{
"db": "BID",
"id": "74816",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003208",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-525",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-82617",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82617"
},
{
"db": "BID",
"id": "74816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
},
{
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"id": "VAR-201506-0183",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-82617"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:09:49.791000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Photo Station-2945",
"trust": 0.8,
"url": "https://www.synology.com/en-us/support/security/Photo_Station_2945"
},
{
"title": "Release Notes for Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-us/releaseNote/PhotoStation"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82617"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.securify.nl/advisory/sfy20150504/synology_photo_station_multiple_cross_site_scripting_vulnerabilities.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/74816"
},
{
"trust": 1.7,
"url": "https://www.synology.com/en-us/support/security/photo_station_2945"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2015/may/110"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4656"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4656"
},
{
"trust": 0.3,
"url": "http://www.synology.com/us/products/features/photostation4.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82617"
},
{
"db": "BID",
"id": "74816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
},
{
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-82617"
},
{
"db": "BID",
"id": "74816"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
},
{
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-82617"
},
{
"date": "2015-05-25T00:00:00",
"db": "BID",
"id": "74816"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"date": "2015-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-525"
},
{
"date": "2015-06-18T18:59:09.007000",
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-82617"
},
{
"date": "2015-07-15T00:38:00",
"db": "BID",
"id": "74816"
},
{
"date": "2015-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003208"
},
{
"date": "2015-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-525"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4656"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003208"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-525"
}
],
"trust": 0.6
}
}
VAR-201409-0039
Vulnerability from variot - Updated: 2025-04-13 21:56Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Photo Station 5 DSM 3.2 (1955) is vulnerable; other versions may also be affected. Synology Photo Station 5 for DiskStation Manager (DSM) is a DSM (NAS operating system) based solution from Synology for sharing pictures, videos and blogs on the Internet. The vulnerability is caused by the photo/photo_one.php script not filtering the 'name' parameter sufficiently. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Drupal CKEditor / FCKeditor Modules Cross Site Scripting and Code Execution Vulnerabilities
SECUNIA ADVISORY ID: SA48435
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48435
RELEASE DATE: 2012-03-15
DISCUSS ADVISORY: http://secunia.com/advisories/48435/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48435/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48435
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in the CKEditor and FCKeditor modules for Drupal, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.
1) Certain input when editing content is not properly sanitised before being returned to the user.
2) Certain unspecified input is not properly sanitised before being used. This can be exploited to execute arbitrary PHP code.
Note: Successful exploitation of this vulnerability for FCKeditor version 6.x requires the "access fckeditor" permission and for CKEditor version 6.x requires the "access ckeditor" permission.
The vulnerabilities are reported in the FCKeditor module versions 6.x-2.x prior to 6.x-2.3 and the CKEditor module versions 6.x-1.x prior to 6.x-1.9 and 7.x-1.x prior to 7.x-1.7.
SOLUTION: Update to a fixed version.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Heine Deelstra, the Drupal Security Team.
ORIGINAL ADVISORY: SA-CONTRIB-2012-040: http://drupal.org/node/1482528
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
The vulnerability is reported in version 3.2-1995. Other versions may also be affected.
SOLUTION: Filter malicious characters and character sequences using a proxy
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 2.4,
"vendor": "synology",
"version": "5"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.6,
"vendor": "synology",
"version": "3.2-1955"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "(dsm) 3.2-1955"
},
{
"model": "inc photo station dsm",
"scope": "eq",
"trust": 0.3,
"vendor": "synology",
"version": "53.2"
},
{
"model": "inc photo station dsm",
"scope": "ne",
"trust": 0.3,
"vendor": "synology",
"version": "54"
}
],
"sources": [
{
"db": "BID",
"id": "52416"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
},
{
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:diskstation_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Simon Ganiere",
"sources": [
{
"db": "BID",
"id": "52416"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
}
],
"trust": 0.9
},
"cve": "CVE-2012-1556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-1556",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54837",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1556",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1556",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-222",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54837",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
},
{
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nPhoto Station 5 DSM 3.2 (1955) is vulnerable; other versions may also be affected. Synology Photo Station 5 for DiskStation Manager (DSM) is a DSM (NAS operating system) based solution from Synology for sharing pictures, videos and blogs on the Internet. The vulnerability is caused by the photo/photo_one.php script not filtering the \u0027name\u0027 parameter sufficiently. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nDrupal CKEditor / FCKeditor Modules Cross Site Scripting and Code\nExecution Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48435\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48435/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48435\n\nRELEASE DATE:\n2012-03-15\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48435/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48435/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48435\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in the CKEditor and FCKeditor\nmodules for Drupal, which can be exploited by malicious users to\ncompromise a vulnerable system and by malicious people to conduct\ncross-site scripting attacks. \n\n1) Certain input when editing content is not properly sanitised\nbefore being returned to the user. \n\n2) Certain unspecified input is not properly sanitised before being\nused. This can be exploited to execute arbitrary PHP code. \n\nNote: Successful exploitation of this vulnerability for FCKeditor\nversion 6.x requires the \"access fckeditor\" permission and for\nCKEditor version 6.x requires the \"access ckeditor\" permission. \n\nThe vulnerabilities are reported in the FCKeditor module versions\n6.x-2.x prior to 6.x-2.3 and the CKEditor module versions 6.x-1.x\nprior to 6.x-1.9 and 7.x-1.x prior to 7.x-1.7. \n\nSOLUTION:\nUpdate to a fixed version. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Heine Deelstra, the Drupal Security Team. \n\nORIGINAL ADVISORY:\nSA-CONTRIB-2012-040:\nhttp://drupal.org/node/1482528\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nThe vulnerability is reported in version 3.2-1995. Other versions may\nalso be affected. \n\nSOLUTION:\nFilter malicious characters and character sequences using a proxy",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1556"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"db": "BID",
"id": "52416"
},
{
"db": "VULHUB",
"id": "VHN-54837"
},
{
"db": "PACKETSTORM",
"id": "110844"
},
{
"db": "PACKETSTORM",
"id": "110781"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-54837",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54837"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1556",
"trust": 2.8
},
{
"db": "BID",
"id": "52416",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48334",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "80034",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "48435",
"trust": 0.7
},
{
"db": "XF",
"id": "73976",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "36944",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110696",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-54837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110844",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110781",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54837"
},
{
"db": "BID",
"id": "52416"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"db": "PACKETSTORM",
"id": "110844"
},
{
"db": "PACKETSTORM",
"id": "110781"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
},
{
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"id": "VAR-201409-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54837"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T21:56:06.697000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Photo Station",
"trust": 0.8,
"url": "http://forum.synology.com/enu/viewforum.php?f=17"
},
{
"title": "DSM 5.0",
"trust": 0.8,
"url": "https://www.synology.com/ja-jp/dsm/5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54837"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0045.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/52416"
},
{
"trust": 1.7,
"url": "http://osvdb.org/80034"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/48334"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73976"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1556"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1556"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/73976"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/48435"
},
{
"trust": 0.3,
"url": "http://www.synology.com/us/products/features/photostation4.php"
},
{
"trust": 0.3,
"url": "/archive/1/521933"
},
{
"trust": 0.2,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48435/#comments"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48435"
},
{
"trust": 0.1,
"url": "http://drupal.org/node/1482528"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48435/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48334/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48334/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48334"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54837"
},
{
"db": "BID",
"id": "52416"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"db": "PACKETSTORM",
"id": "110844"
},
{
"db": "PACKETSTORM",
"id": "110781"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
},
{
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54837"
},
{
"db": "BID",
"id": "52416"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"db": "PACKETSTORM",
"id": "110844"
},
{
"db": "PACKETSTORM",
"id": "110781"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
},
{
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-54837"
},
{
"date": "2012-03-12T00:00:00",
"db": "BID",
"id": "52416"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"date": "2012-03-15T06:37:19",
"db": "PACKETSTORM",
"id": "110844"
},
{
"date": "2012-03-14T05:16:33",
"db": "PACKETSTORM",
"id": "110781"
},
{
"date": "2012-03-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-222"
},
{
"date": "2014-09-12T14:55:06.503000",
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-54837"
},
{
"date": "2012-03-12T22:00:00",
"db": "BID",
"id": "52416"
},
{
"date": "2014-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-006269"
},
{
"date": "2014-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-222"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-1556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology DiskStation Manager for Photo Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-006269"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "110844"
},
{
"db": "PACKETSTORM",
"id": "110781"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-222"
}
],
"trust": 0.8
}
}
VAR-201810-0554
Vulnerability from variot - Updated: 2024-11-23 23:08Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Synology Photo Station Contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0554",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.8.7-3481"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2976"
},
{
"model": "photo station",
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2971"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8.6-3479"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8.1-3458"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2975"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8.4-3468"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8.5-3471"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8.2-3461"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8.0-3456"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.8.3-3463"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
},
{
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
}
]
},
"cve": "CVE-2018-13282",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-13282",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-123326",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2018-13282",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"id": "CVE-2018-13282",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-13282",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@synology.com",
"id": "CVE-2018-13282",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-13282",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1548",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-123326",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
},
{
"db": "NVD",
"id": "CVE-2018-13282"
},
{
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. Synology Photo Station Contains a session fixation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-13282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "VULHUB",
"id": "VHN-123326"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-13282",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011553",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1548",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-123326",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
},
{
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"id": "VAR-201810-0554",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-123326"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:08:34.291000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-18:37",
"trust": 0.8,
"url": "https://www.synology.com/en-global/security/advisory/Synology_SA_18_37"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86523"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-384",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_37"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13282"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-13282"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
},
{
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-123326"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
},
{
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-123326"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"date": "2018-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1548"
},
{
"date": "2018-10-31T16:29:00.393000",
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-123326"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011553"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1548"
},
{
"date": "2024-11-21T03:46:45.160000",
"db": "NVD",
"id": "CVE-2018-13282"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Session fixation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011553"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1548"
}
],
"trust": 0.6
}
}
VAR-201906-0942
Vulnerability from variot - Updated: 2024-11-23 23:01SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0942",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2977"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.11-3489"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
}
]
},
"cve": "CVE-2019-11821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-11821",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-143506",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11821",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-11821",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-11821",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11821",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security@synology.com",
"id": "CVE-2019-11821",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-11821",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1150",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-143506",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-11821",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143506"
},
{
"db": "VULMON",
"id": "CVE-2019-11821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1150"
},
{
"db": "NVD",
"id": "CVE-2019-11821"
},
{
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "VULHUB",
"id": "VHN-143506"
},
{
"db": "VULMON",
"id": "CVE-2019-11821"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11821",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1150",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-143506",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11821",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143506"
},
{
"db": "VULMON",
"id": "CVE-2019-11821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1150"
},
{
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"id": "VAR-201906-0942",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-143506"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:01:48.931000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-19:01 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/Synology_SA_19_01"
},
{
"title": "Synology Photo Station SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94239"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-11821 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1150"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143506"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_19_01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11821"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11821"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/synology-dsm-photo-station-two-vulnerabilities-29658"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-11821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143506"
},
{
"db": "VULMON",
"id": "CVE-2019-11821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1150"
},
{
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-143506"
},
{
"db": "VULMON",
"id": "CVE-2019-11821"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1150"
},
{
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-143506"
},
{
"date": "2019-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11821"
},
{
"date": "2019-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"date": "2019-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1150"
},
{
"date": "2019-06-30T15:15:09.603000",
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-143506"
},
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11821"
},
{
"date": "2019-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005898"
},
{
"date": "2019-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1150"
},
{
"date": "2024-11-21T04:21:49.913000",
"db": "NVD",
"id": "CVE-2019-11821"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005898"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1150"
}
],
"trust": 0.6
}
}
VAR-201802-0397
Vulnerability from variot - Updated: 2024-11-23 22:45Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Photo Viewer is one of the picture viewing components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "eq",
"trust": 2.4,
"vendor": "synology",
"version": "6.8.1-3458"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
},
{
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
}
]
},
"cve": "CVE-2017-16769",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-16769",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-107724",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2017-16769",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16769",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-16769",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-366",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-107724",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
},
{
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. Synology Photo Station Contains an information disclosure vulnerability.Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Photo Viewer is one of the picture viewing components",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16769"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "VULHUB",
"id": "VHN-107724"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16769",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012734",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-366",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-107724",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
},
{
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"id": "VAR-201802-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-107724"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:45:26.894000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-17:76",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_76"
},
{
"title": "Synology Photo Station Photo Viewer Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100177"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-359",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_17_76"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16769"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16769"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
},
{
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-107724"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
},
{
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-23T00:00:00",
"db": "VULHUB",
"id": "VHN-107724"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-366"
},
{
"date": "2018-02-23T22:29:00.217000",
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-107724"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012734"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-366"
},
{
"date": "2024-11-21T03:16:56.240000",
"db": "NVD",
"id": "CVE-2017-16769"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-012734"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-366"
}
],
"trust": 0.6
}
}
VAR-201803-0976
Vulnerability from variot - Updated: 2024-11-23 22:34Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0976",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2971"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.3-3463"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
},
{
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
}
]
},
"cve": "CVE-2017-16772",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-16772",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-107728",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-16772",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16772",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-16772",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-107728",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
},
{
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16772"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "VULHUB",
"id": "VHN-107728"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16772",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013004",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-107728",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
},
{
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"id": "VAR-201803-0976",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-107728"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:34:19.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-18:02 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_02"
},
{
"title": "Synology Photo Station Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100174"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-434",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16772"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16772"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
},
{
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-107728"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
},
{
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-107728"
},
{
"date": "2018-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-363"
},
{
"date": "2018-03-22T14:29:00.537000",
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-107728"
},
{
"date": "2018-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-363"
},
{
"date": "2024-11-21T03:16:56.567000",
"db": "NVD",
"id": "CVE-2017-16772"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013004"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-363"
}
],
"trust": 0.6
}
}
VAR-201906-0943
Vulnerability from variot - Updated: 2024-11-23 22:21Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0943",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2977"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.11-3489"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
}
]
},
"cve": "CVE-2019-11822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-11822",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-143507",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-11822",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@synology.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-11822",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-11822",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-11822",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security@synology.com",
"id": "CVE-2019-11822",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-11822",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-143507",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-11822",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143507"
},
{
"db": "VULMON",
"id": "CVE-2019-11822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1149"
},
{
"db": "NVD",
"id": "CVE-2019-11822"
},
{
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "VULHUB",
"id": "VHN-143507"
},
{
"db": "VULMON",
"id": "CVE-2019-11822"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11822",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1149",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-143507",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11822",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143507"
},
{
"db": "VULMON",
"id": "CVE-2019-11822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1149"
},
{
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"id": "VAR-201906-0943",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-143507"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:21:35.695000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-19:01 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/Synology_SA_19_01"
},
{
"title": "Synology Photo Station Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94238"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-11822 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-11822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
},
{
"problemtype": "CWE-23",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143507"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/security/advisory/synology_sa_19_01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11822"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11822"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/synology-dsm-photo-station-two-vulnerabilities-29658"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-11822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143507"
},
{
"db": "VULMON",
"id": "CVE-2019-11822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1149"
},
{
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-143507"
},
{
"db": "VULMON",
"id": "CVE-2019-11822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1149"
},
{
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-143507"
},
{
"date": "2019-06-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11822"
},
{
"date": "2019-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"date": "2019-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1149"
},
{
"date": "2019-06-30T15:15:09.683000",
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-143507"
},
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11822"
},
{
"date": "2019-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005899"
},
{
"date": "2019-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1149"
},
{
"date": "2024-11-21T04:21:50.023000",
"db": "NVD",
"id": "CVE-2019-11822"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerabilities in path traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1149"
}
],
"trust": 0.6
}
}
VAR-201803-0975
Vulnerability from variot - Updated: 2024-11-23 22:12Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Synology Photo Station Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Log Viewer is one of the log viewers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0975",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2971"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.3-3463"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
},
{
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
}
]
},
"cve": "CVE-2017-16771",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2017-16771",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-107727",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-16771",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-16771",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-16771",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-364",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-107727",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
},
{
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Synology Photo Station Contains a cross-site scripting vulnerability.The information may be obtained and the information may be falsified. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Log Viewer is one of the log viewers",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-16771"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "VULHUB",
"id": "VHN-107727"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-16771",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013003",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-364",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-107727",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
},
{
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"id": "VAR-201803-0975",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-107727"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:12:39.153000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-18:02 Photo Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_02"
},
{
"title": "Synology Photo Station Log Viewer Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100175"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/en-global/support/security/synology_sa_18_02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16771"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-16771"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-107727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
},
{
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-107727"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
},
{
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-107727"
},
{
"date": "2018-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-364"
},
{
"date": "2018-03-22T14:29:00.487000",
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-107727"
},
{
"date": "2018-05-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013003"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-364"
},
{
"date": "2024-11-21T03:16:56.457000",
"db": "NVD",
"id": "CVE-2017-16771"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013003"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-364"
}
],
"trust": 0.6
}
}
VAR-201806-1564
Vulnerability from variot - Updated: 2024-11-23 22:00Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. Synology Photo Station Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A remote attacker could exploit this vulnerability to perform unauthorized operations with the help of multiple parameters. (Multiple parameters include: username, password, admin, action, uid, and modify_admin)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1564",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.3-2975"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.5-3471"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2944"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8.0-3456"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2944"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2960"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2965"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2964"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2963"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2962"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2968"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2970"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
},
{
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
}
]
},
"cve": "CVE-2018-8925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-8925",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-138957",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-8925",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8925",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2018-8925",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-8925",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-644",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138957",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138957"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
},
{
"db": "NVD",
"id": "CVE-2018-8925"
},
{
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modify_admin parameter. Synology Photo Station Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A remote attacker could exploit this vulnerability to perform unauthorized operations with the help of multiple parameters. (Multiple parameters include: username, password, admin, action, uid, and modify_admin)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8925"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "VULHUB",
"id": "VHN-138957"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8925",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005958",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-644",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-138957",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138957"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
},
{
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"id": "VAR-201806-1564",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138957"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:28.716000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology_SA_18_15",
"trust": 0.8,
"url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15"
},
{
"title": "Synology Photo Station Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80838"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138957"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/zh-tw/support/security/synology_sa_18_15"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8925"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8925"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138957"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
},
{
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138957"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
},
{
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-138957"
},
{
"date": "2018-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"date": "2018-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-644"
},
{
"date": "2018-06-08T13:29:01.297000",
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138957"
},
{
"date": "2018-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005958"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-644"
},
{
"date": "2024-11-21T04:14:36.957000",
"db": "NVD",
"id": "CVE-2018-8925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005958"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-644"
}
],
"trust": 0.6
}
}
VAR-201806-1565
Vulnerability from variot - Updated: 2024-11-23 21:38Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. Synology Photo Station Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in Synology Photo Station versions prior to 6.8.5-3471 and versions prior to 6.3-2975
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1565",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "lt",
"trust": 1.8,
"vendor": "synology",
"version": "6.8.5-3471"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8.0-3456"
},
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "6.3-2975"
},
{
"model": "photo station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "6.3-2975"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2971"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2960"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2965"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2958"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2964"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2963"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2962"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2968"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2967"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "6.3-2970"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:photo_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
}
]
},
"cve": "CVE-2018-8926",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2018-8926",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-138958",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-8926",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8926",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@synology.com",
"id": "CVE-2018-8926",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-8926",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-138958",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. Synology Photo Station Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. A security vulnerability exists in Synology Photo Station versions prior to 6.8.5-3471 and versions prior to 6.3-2975",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8926"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "VULHUB",
"id": "VHN-138958"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8926",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-138958",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"id": "VAR-201806-1565",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:38:46.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology_SA_18_15",
"trust": 0.8,
"url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15"
},
{
"title": "Synology Photo Station Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80837"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-625",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/zh-tw/support/security/synology_sa_18_15"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8926"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8926"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138958"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
},
{
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-138958"
},
{
"date": "2018-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"date": "2018-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-643"
},
{
"date": "2018-06-08T13:29:01.470000",
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138958"
},
{
"date": "2018-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005959"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-643"
},
{
"date": "2024-11-21T04:14:37.077000",
"db": "NVD",
"id": "CVE-2018-8926"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Photo Station Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005959"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-643"
}
],
"trust": 0.6
}
}
VAR-202106-1480
Vulnerability from variot - Updated: 2024-08-14 15:22Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. Synology Photo Station Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202106-1480",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "photo station",
"scope": "gte",
"trust": 1.0,
"vendor": "synology",
"version": "6.8"
},
{
"model": "photo station",
"scope": "lt",
"trust": 1.0,
"vendor": "synology",
"version": "6.8.14-3500"
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": "photo station",
"scope": "eq",
"trust": 0.8,
"vendor": "synology",
"version": "6.8.14-3500"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"cve": "CVE-2021-29089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-29089",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-388629",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-29089",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2021-007589",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-29089",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "security@synology.com",
"id": "CVE-2021-29089",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2021-29089",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202106-114",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-388629",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388629"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-114"
},
{
"db": "NVD",
"id": "CVE-2021-29089"
},
{
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper neutralization of special elements used in an SQL command (\u0027SQL Injection\u0027) vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. Synology Photo Station Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Synology Photo Station is a set of solutions for sharing pictures, videos and blogs on the Internet from Synology, a Taiwan-based company",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-29089"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "VULHUB",
"id": "VHN-388629"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-29089",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007589",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202106-114",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-388629",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388629"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-114"
},
{
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"id": "VAR-202106-1480",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388629"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:22:13.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Synology-SA-20",
"trust": 0.8,
"url": "https://www.synology.com/security/advisory/Synology_SA_20_20"
},
{
"title": "Synology Photo Station SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152616"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-114"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
},
{
"problemtype": "SQL injection (CWE-89) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388629"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_20_20"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29089"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388629"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-114"
},
{
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388629"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"db": "CNNVD",
"id": "CNNVD-202106-114"
},
{
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-388629"
},
{
"date": "2022-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"date": "2021-06-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-114"
},
{
"date": "2021-06-02T03:15:06.647000",
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-388629"
},
{
"date": "2022-02-17T06:42:00",
"db": "JVNDB",
"id": "JVNDB-2021-007589"
},
{
"date": "2021-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202106-114"
},
{
"date": "2021-06-10T20:28:46.957000",
"db": "NVD",
"id": "CVE-2021-29089"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-114"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology\u00a0Photo\u00a0Station\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-007589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202106-114"
}
],
"trust": 0.6
}
}