Cross-Site Request Forgery Vulnerability in Synology Photo Station
CVE-2018-8925
8.8HIGH
What is CVE-2018-8925?
A cross-site request forgery (CSRF) vulnerability exists in the admin/user.php function of Synology Photo Station before versions 6.8.5-3471 and 6.3-2975. This flaw allows remote attackers to exploit user sessions, leading to unauthorized actions by hijacking the authentication of administrators. By manipulating parameters such as username, password, action, or others, an attacker can gain control over administrator operations, posing a significant security risk.
Affected Version(s)
Photo Station < 6.8.5-3471
Photo Station < 6.3-2975