CVE-2021-29090 — SQL Injection in Synology Photo Station
Severity
7.2HIGHNVD
EPSS
1.0%
top 22.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 2
Latest updateMay 24
Description
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
2GHSA▶
GHSA-qh9r-964g-2889: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6↗2022-05-24
CVEList▶
CVE-2021-29090: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6↗2021-06-02