Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NSynology Photo Station
APPSynology< 6.8.16-3506
π’
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2021-29089CRITICAL9.8ten sam produkt
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnai...
CVE-2017-11161CRITICAL9.8ten sam produkt
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote a...
CVE-2017-11151CRITICAL9.8ten sam produkt
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote...
CVE-2017-11153CRITICAL9.8ten sam produkt
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3...
CVE-2016-10329CRITICAL9.8ten sam produkt
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attacke...