Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6955: Synology DiskStation Manager vulnerability

CWE-264 | 4 documents | 4 sources
Severity
10.0 CRITICAL (NVD)
EPSS
83.3%
top 0.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jan 9
Latest update: May 17

Description

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages: 1 package

🔴Vulnerability Details

2
GHSA
GHSA-cf8x-55vw-78gp: webman/imageSelector (2022-05-17)
CVEList
CVE-2013-6955: webman/imageSelector (2014-01-09)

💥Exploits & PoCs

1
Exploit-DB
Synology DiskStation Manager - SLICEUPLOAD Remote Command Execution (Metasploit) (2013-12-24)
CVE-2013-6955 — Synology vulnerability | cvebase