exploitDog

CVE-2013-6955

Опубликовано: 09 янв. 2014

Источник: nvd

CVSS2: 10

EPSS Высокий

Описание

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

Ссылки

http://www.kb.cert.org/vuls/id/615910
US Government Resource
http://www.kb.cert.org/vuls/id/615910
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:synology:diskstation_manager:4.0:*:*:*:*:*:*:*

cpe:2.3:o:synology:diskstation_manager:4.2:*:*:*:*:*:*:*

cpe:2.3:o:synology:diskstation_manager:4.3:*:*:*:*:*:*:*

cpe:2.3:o:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.83314

Высокий

10 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-cf8x-55vw-78gp

github

больше 3 лет назад

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

EPSS

Процентиль: 99%

0.83314

Высокий

10 Critical

CVSS2

Дефекты

CWE-264