Synology-SA-19:01 Photo Station

Publish Time: 2019-01-02 11:16:52 UTC+8

Last Updated: 2019-01-02 11:16:52 UTC+8

Severity: Important

Status: Resolved

Abstract

These vulnerabilities allow remote attackers to execute arbitrary SQL commands and remote authenticated users to upload arbitrary files via a susceptible version of Photo Station.

Affected Products

Product | Severity | Fixed Release Availability
Photo Station 6.8 | Important | Upgrade to 6.8.11-3489 or above.
Photo Station 6.3 | Important | Upgrade to 6.3-2977 or above.

Mitigation

None

Detail

Reserved

Acknowledgement

Independent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Revision

Revision | Date | Description
1 | 2019-01-02 | Initial public release.