CVE-2021-43926SQL Injection in Synology Diskstation Manager

CWE-89SQL Injection3 documents3 sources
Severity
9.8CRITICALNVD
CNA4.7
EPSS
0.4%
top 38.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Synology Diskstation Manager
Timeline
PublishedFeb 7
Latest updateFeb 8

Description

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5synology/diskstation_managerunspecified7.0.1-42218-2
NVDsynology/diskstation_manager6.26.2.4-25556-3+1

🔴Vulnerability Details

2
GHSA
GHSA-498m-2jp9-66x5: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskSta2022-02-08
CVEList
CVE-2021-43926: Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskSta2022-02-07
CVE-2021-43926 — SQL Injection in Synology | cvebase