Synology Photo Station — known CVE vulnerabilities
Every CVE whose affected-product data names Synology Photo Station, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2021-29089 — CVSS 9.8 (critical): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo…
CVE-2016-10329 — CVSS 9.8 (critical): Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code…
CVE-2017-11151 — CVSS 9.8 (critical): A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload…
CVE-2017-11153 — CVSS 9.8 (critical): Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers…
CVE-2017-11161 — CVSS 9.8 (critical): Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary…
CVE-2021-29092 — CVSS 8.8 (high): Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500…
CVE-2016-10322 — CVSS 8.8 (high): Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in…
CVE-2018-8926 — CVSS 8.8 (high): Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows…
CVE-2018-8925 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows…
CVE-2017-16772 — CVSS 8.8 (high): Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971…
CVE-2022-22681 — CVSS 8.1 (high): Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass…
CVE-2016-10323 — CVSS 7.8 (high): Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user…
CVE-2017-9552 — CVSS 7.8 (high): A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline…
CVE-2021-29091 — CVSS 7.7 (high): Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo…
CVE-2017-12079 — CVSS 7.5 (high): Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before…
CVE-2016-10331 — CVSS 7.5 (high): Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary…
CVE-2017-11152 — CVSS 7.5 (high): Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote…
CVE-2017-11155 — CVSS 7.5 (high): An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to…
CVE-2019-11821 — CVSS 7.3 (high): SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote…
CVE-2021-29090 — CVSS 7.2 (high): Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo…
CVE-2017-11154 — CVSS 7.2 (high): Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote…
CVE-2016-10330 — CVSS 7.1 (high): Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local…
CVE-2017-12071 — CVSS 6.5 (medium): Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote…
CVE-2017-11162 — CVSS 6.5 (medium): Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users…
CVE-2017-16771 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote…
CVE-2018-13282 — CVSS 5.6 (medium): Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web…
CVE-2015-9102 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote…
CVE-2017-9555 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to…
CVE-2017-12072 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated…
CVE-2017-12080 — CVSS 5.3 (medium): An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970…
CVE-2017-16769 — CVSS 5.3 (medium): Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain…
CVE-2019-11822 — CVSS 4.3 (medium): Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows…
CVE-2015-4656 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary…