CVE-2016-10331Path Traversal in Synology Photo Station

CWE-22Path Traversal3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Photo StationSynology Photo Station
Timeline
PublishedMay 12
Latest updateMay 13

Description

Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDsynology/photo_station6.5.2-3225
CVEListV5synology/synology_photo_stationAll versions prior to version 6.5.3-3226

🔴Vulnerability Details

2
GHSA
GHSA-j6hj-9pq4-66f2: Directory traversal vulnerability in download2022-05-13
CVEList
CVE-2016-10331: Directory traversal vulnerability in download2017-05-12
CVE-2016-10331 — Path Traversal in Synology | cvebase