CVE-2017-12079Files or Directories Accessible to External Parties in Synology Photo Station

CWE-552Files or Directories Accessible to External PartiesCWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 46.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Photo Station
Timeline
PublishedDec 4
Latest updateMay 13

Description

Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDsynology/photo_station6.86.8.1-3458+1
CVEListV5synology/photo_stationbefore 6.3-2970, before 6.8.1-3458+1

🔴Vulnerability Details

2
GHSA
GHSA-frc9-5h6p-f7f3: Files or directories accessible to external parties vulnerability in picasa2022-05-13
CVEList
CVE-2017-12079: Files or directories accessible to external parties vulnerability in picasa2017-12-04
CVE-2017-12079 — Synology Photo Station vulnerability | cvebase