CVE-2015-6911

Synology Video Station < 1.5-0757 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.

Exploits (1)

exploitdb WORKING POC

webappscgi

https://www.exploit-db.com/exploits/38128

View Code ZIP pw:eip

References (5)

[Exploit] https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html

[Vendor Advisory] https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/536427/100/0/threaded

[Mailing List] http://seclists.org/fulldisclosure/2015/Sep/31

[Exploit] http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html

Scores

EPSS 0.0158

EPSS Percentile 81.7%

Details

CWE

CWE-89

Status published

Products (1)

synology/video_station < 1.5-0757

Published Sep 11, 2015

Tracked Since Feb 18, 2026