HIGH🇬🇧 English

CVE-2018-8926

CVSS 8.8v3.0pub. 2018-06-08upd. 2024-11-21

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Synology Photo Station

    APP
    Synology
    6.3-2958 – 6.3-29756.8.0-3456 – 6.8.5-3471 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2021-29089CRITICAL9.8ten sam produkt

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnai...

CVE-2017-11161CRITICAL9.8ten sam produkt

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote a...

CVE-2017-11151CRITICAL9.8ten sam produkt

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote...

CVE-2017-11153CRITICAL9.8ten sam produkt

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3...

CVE-2016-10329CRITICAL9.8ten sam produkt

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attacke...