Permissive Regular Expression Vulnerability in Synology Photo Station
CVE-2018-8926

8.8HIGH

Key Information:

Vendor: Synology
Status: Photo Station
Vendor: CVE Published:; 8 June 2018

What is CVE-2018-8926?

A permissive regular expression vulnerability exists in the synophoto_dsm_user component of Synology Photo Station prior to version 6.8.5-3471 and earlier than 6.3-2975. This flaw allows remote authenticated users to exploit the fullname parameter, potentially granting them elevated privileges and unauthorized access within the system. Proper input validation and sanitation measures should be implemented to mitigate the risks associated with this vulnerability.

Affected Version(s)

Photo Station < 6.8.5-3471

Photo Station < 6.3-2975

References

https://www.synology.com/zh-tw/support/security/Synology_...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2018
Vulnerability Reserved
Mar 22, 2018