cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-29090,https://securityvulnerability.io/vulnerability/CVE-2021-29090,,Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.,Synology,Synology Photo Station,7.2,HIGH,0.0006799999973736703,false,false,false,false,,false,false,2021-06-02T02:15:00.000Z,0
CVE-2021-29091,https://securityvulnerability.io/vulnerability/CVE-2021-29091,,Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.,Synology,Synology Photo Station,7.7,HIGH,0.0006300000241026282,false,false,false,false,,false,false,2021-06-02T02:15:00.000Z,0
CVE-2021-29089,https://securityvulnerability.io/vulnerability/CVE-2021-29089,,Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.,Synology,Synology Photo Station,9.8,CRITICAL,0.0007399999885819852,false,false,false,false,,false,false,2021-06-02T00:00:00.000Z,0
CVE-2021-29092,https://securityvulnerability.io/vulnerability/CVE-2021-29092,,Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.,Synology,Synology Photo Station,8.8,HIGH,0.0006799999973736703,false,false,false,false,,false,false,2021-06-01T14:15:00.000Z,0
CVE-2017-16769,https://securityvulnerability.io/vulnerability/CVE-2017-16769,,Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.,Synology,Synology Photo Station,5.3,MEDIUM,0.001509999972768128,false,false,false,false,,false,false,2018-02-23T22:29:00.000Z,0
CVE-2017-12071,https://securityvulnerability.io/vulnerability/CVE-2017-12071,,Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.,Synology,Synology Photo Station,6.5,MEDIUM,0.0005499999970197678,false,false,false,false,,false,false,2017-09-08T00:00:00.000Z,0
CVE-2017-11162,https://securityvulnerability.io/vulnerability/CVE-2017-11162,,Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.,Synology,Synology Photo Station,6.5,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2017-09-08T00:00:00.000Z,0
CVE-2017-11161,https://securityvulnerability.io/vulnerability/CVE-2017-11161,,Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.,Synology,Synology Photo Station,9.8,CRITICAL,0.0008200000156648457,false,false,false,false,,false,false,2017-09-08T00:00:00.000Z,0
CVE-2017-9555,https://securityvulnerability.io/vulnerability/CVE-2017-9555,,Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.,Synology,Synology Photo Station,5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2017-08-24T00:00:00.000Z,0
CVE-2017-11154,https://securityvulnerability.io/vulnerability/CVE-2017-11154,,Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.,Synology,Synology Photo Station,7.2,HIGH,0.3718400001525879,false,false,false,false,,false,false,2017-08-08T15:29:00.000Z,0
CVE-2017-11151,https://securityvulnerability.io/vulnerability/CVE-2017-11151,,A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.,Synology,Synology Photo Station,9.8,CRITICAL,0.5258200168609619,false,false,false,false,,false,false,2017-08-08T15:29:00.000Z,0
CVE-2017-11152,https://securityvulnerability.io/vulnerability/CVE-2017-11152,,Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.,Synology,Synology Photo Station,7.5,HIGH,0.0032099999953061342,false,false,false,false,,false,false,2017-08-08T15:29:00.000Z,0
CVE-2017-11153,https://securityvulnerability.io/vulnerability/CVE-2017-11153,,Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.,Synology,Synology Photo Station,9.8,CRITICAL,0.7765200138092041,false,false,false,false,,false,false,2017-08-08T15:29:00.000Z,0
CVE-2017-11155,https://securityvulnerability.io/vulnerability/CVE-2017-11155,,An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.,Synology,Synology Photo Station,7.5,HIGH,0.36708998680114746,false,false,false,false,,false,false,2017-07-31T00:00:00.000Z,0
CVE-2017-9552,https://securityvulnerability.io/vulnerability/CVE-2017-9552,,"A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user program to authenticate username and password by ""synophoto_dsm_user --auth USERNAME PASSWORD"", and local users are able to obtain credentials by sniffing ""/proc/*/cmdline"".",Synology,Synology Photo Station,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2017-06-13T13:00:00.000Z,0
CVE-2016-10331,https://securityvulnerability.io/vulnerability/CVE-2016-10331,,Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.,Synology,Synology Photo Station,7.5,HIGH,0.009270000271499157,false,false,false,false,,false,false,2017-05-12T20:00:00.000Z,0
CVE-2016-10330,https://securityvulnerability.io/vulnerability/CVE-2016-10330,,"Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.",Synology,Synology Photo Station,7.1,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2017-05-12T20:00:00.000Z,0
CVE-2016-10329,https://securityvulnerability.io/vulnerability/CVE-2016-10329,,Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.,Synology,Synology Photo Station,9.8,CRITICAL,0.03206999972462654,false,false,false,false,,false,false,2017-05-12T20:00:00.000Z,0
CVE-2012-1556,https://securityvulnerability.io/vulnerability/CVE-2012-1556,,Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.,Synology,"Diskstation Manager,Synology Photo Station",,,0.0038900000508874655,false,false,false,false,,false,false,2014-09-12T14:00:00.000Z,0