Abstract
Multiple vulnerabilities allow remote attackers to execute arbitrary code via a susceptible version of Photo Station.
Affected Products
Product |
Severity |
Fixed Release Availability |
Photo Station 6.8[1] |
Critical |
Upgrade to 6.8.14-3500 or above. |
[1] Photo Station 6.3 has reached End-of-Life (EOL) status since 2019-07-01. For user who uses Photo Station 6.3, please upgrade to DSM 6.2 for the latest Photo Station 6.8.
Mitigation
None
Detail
CVE-2021-29089
- Severity: Critical
- CVSS3 Base Score: 9.8
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.
CVE-2021-29090
- Severity: Important
- CVSS3 Base Score: 7.2
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
CVE-2021-29091
- Severity: Important
- CVSS3 Base Score: 7.7
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
- Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.
CVE-2021-29092
- Severity: Important
- CVSS3 Base Score: 8.8
- CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
Acknowledgement
Bing-Jhong Jheng
Revision
Revision |
Date |
Description |
1 |
2020-09-15 |
Initial public release. |
2 |
2021-06-30 |
Disclosed vulnerability details. |