exploitDog

GHSA-xgf8-6gvg-9rvw

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

Ссылки

EPSS

Процентиль: 94%

0.14779

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2017-11151

CVSS3: 9.8

nvd

больше 8 лет назад

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

EPSS

Процентиль: 94%

0.14779

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-287