Synology-SA-19:01 Photo Station

Publish Time: 2019-01-02 11:16:52 UTC+8

Last Updated: 2019-06-30 22:56:08 UTC+8

Severity: Important

Status: Resolved

Abstract

These vulnerabilities allow remote attackers to execute arbitrary SQL commands and remote authenticated users to upload arbitrary files via a susceptible version of Photo Station.

Affected Products

Product             Severity    Fixed Release Availability
Photo Station 6.8   Important   Upgrade to 6.8.11-3489 or above.
Photo Station 6.3   Important   Upgrade to 6.3-2977 or above.

Mitigation

None

Detail

  • CVE-2019-11821

    • Severity: Important
    • CVSS3 Base Score: 7.3
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    • SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL commands via the type parameter.
  • CVE-2019-11822

    • Severity: Moderate
    • CVSS3 Base Score: 4.3
    • CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    • Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
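The two defect classes named above, a request parameter spliced into an SQL statement and an upload name that is allowed to contain path segments climbing out of the upload directory, have well-known hardened forms. The following is an added illustration written for this advisory note; it is not Synology's code and it does not reproduce synophoto_csPhotoDB.php or SYNO.PhotoStation.File. The table, rows, allowed `type` values and upload root are constructed assumptions, and the upload name is assumed to arrive already URL-decoded. Python and SQLite stand in for the PHP and database layer so the snippet runs offline.

```python
import posixpath
import sqlite3

# Constructed stand-in for a photo index; this is a hypothetical model written
# for this advisory note, not Synology's synophoto_csPhotoDB.php.
_SAMPLE_ROWS = [
    ("sunset.jpg", "photo"),
    ("holiday.mp4", "video"),
    ("secret.jpg", "photo"),
]

# Values the application actually supports for the `type` parameter (assumed).
ALLOWED_TYPES = frozenset({"photo", "video"})


def _demo_db():
    """Build an in-memory SQLite table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE item (name TEXT NOT NULL, type TEXT NOT NULL)")
    conn.executemany("INSERT INTO item VALUES (?, ?)", _SAMPLE_ROWS)
    return conn


def query_by_type_unsafe(type_param):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.

    Whatever the caller sends becomes part of the statement, so a quote in the
    value changes the query instead of being matched as data.
    """
    conn = _demo_db()
    sql = "SELECT name FROM item WHERE type = '" + type_param + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def is_allowed_type(type_param):
    """Allowlist check: only the values the application defines are accepted."""
    return type_param in ALLOWED_TYPES


def query_by_type_safe(type_param):
    """Hardened pattern: allowlist the value, then pass it as a bound parameter.

    Binding alone already prevents the injection; the allowlist additionally
    rejects unexpected values early and keeps error handling uniform.
    """
    if not is_allowed_type(type_param):
        raise ValueError("unsupported type value")
    conn = _demo_db()
    rows = conn.execute(
        "SELECT name FROM item WHERE type = ? ORDER BY name", (type_param,)
    )
    return [row[0] for row in rows]


def is_safe_upload_name(uploadphoto_name):
    """Return True only if the name stays inside the upload directory.

    The check normalises '.' and '..' segments with posixpath so the result is
    the same on every platform, then rejects absolute paths, empty names, NUL
    bytes and any path that still climbs upward after normalisation.
    """
    name = uploadphoto_name.replace("\\", "/")
    if not name or "\0" in name or posixpath.isabs(name):
        return False
    rel = posixpath.normpath(name)
    if rel in (".", "..") or rel.startswith("../"):
        return False
    return True


def safe_upload_path(upload_root, uploadphoto_name):
    """Hardened upload step: resolve the target path inside the root or refuse."""
    if not is_safe_upload_name(uploadphoto_name):
        raise ValueError("upload name escapes the upload directory")
    rel = posixpath.normpath(uploadphoto_name.replace("\\", "/"))
    return posixpath.join(upload_root, rel)


if __name__ == "__main__":
    print(query_by_type_safe("photo"))
    print(is_safe_upload_name("album/../../x.jpg"))
```

The unsafe query is kept only so a regression test can show the difference: a `type` value that is not on the allowlist is refused by `query_by_type_safe` before any SQL is built, while the same value handed to `query_by_type_unsafe` alters the statement. For the upload check, normalising first and then testing for a leading `../` catches nested climbs such as `album/../../x.jpg`, which a naive substring search on the raw input would also flag but a check on only the first segment would miss.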

Acknowledgement

Independent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Revision

Revision   Date         Description
1          2019-01-02   Initial public release.
2          2019-06-30   Disclosed vulnerability details.