SQL Injection Vulnerabilities in Synology Photo Station
CVE-2017-11161

9.8CRITICAL

Key Information:

Vendor: Synology
Status: Synology Photo Station
Vendor: CVE Published:; 8 September 2017

Summary

Multiple SQL injection vulnerabilities exist in Synology Photo Station that enable remote attackers to execute arbitrary SQL commands. These vulnerabilities can be exploited through specific parameter manipulation in HTTP requests. Affected versions are 6.7.4-3433 and earlier, as well as 6.3-2968 and earlier, emphasizing the need for users to upgrade to secure their systems against unauthorized database access.

Affected Version(s)

Synology Photo Station before 6.7.4-3433 and 6.3-2968

References

https://www.synology.com/en-global/support/security/Synol...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 8, 2017
Vulnerability Reserved
Jul 10, 2017