SQL Injection Vulnerability in Synology Photo Station
CVE-2019-11821

7.3HIGH

Key Information:

Vendor: Synology
Status: Photo Station
Vendor: CVE Published:; 30 June 2019

Summary

A SQL injection vulnerability in the synophoto_csPhotoDB.php file of Synology Photo Station allows remote attackers to execute arbitrary SQL commands by manipulating the 'type' parameter. This can expose sensitive database information and potentially lead to unauthorized actions within the application, making it crucial for users to apply the necessary updates to their systems.

Affected Version(s)

Photo Station < 6.8.11-3489

Photo Station < 6.3-2977

References

https://www.synology.com/security/advisory/Synology_SA_19_01

x_refsource_CONFIRM

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2019
Vulnerability Reserved
May 8, 2019