CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-29089

CVSS 9.8v3.1pub. 2021-06-02upd. 2024-11-21

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Synology Photo Station

    APP
    Synology
    6.8 – 6.8.14-3500 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2017-11161CRITICAL9.8ten sam produkt

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote a...

CVE-2017-11151CRITICAL9.8ten sam produkt

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote...

CVE-2017-11153CRITICAL9.8ten sam produkt

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3...

CVE-2016-10329CRITICAL9.8ten sam produkt

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attacke...

CVE-2022-22681HIGH8.1ten sam produkt

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allow...