CVE-2017-11161SQL Injection in Synology Photo Station

CWE-89SQL Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.6%
top 30.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Synology Photo StationSynology Photo Station
Timeline
PublishedSep 8
Latest updateMay 13

Description

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDsynology/photo_station6.3-2967+1
CVEListV5synology/synology_photo_stationbefore 6.7.4-3433 and 6.3-2968

🔴Vulnerability Details

2
GHSA
GHSA-7fwr-pc8g-c39h: Multiple SQL injection vulnerabilities in Synology Photo Station before 62022-05-13
CVEList
CVE-2017-11161: Multiple SQL injection vulnerabilities in Synology Photo Station before 62017-09-08
CVE-2017-11161 — SQL Injection in Synology | cvebase