CVE-2017-16772

HIGH

Synology Photo Station <6.8.3-3463, <6.3-2971 - RCE

Title source: llm
STIX 2.1

Description

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0131
EPSS Percentile 79.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434 CWE-20
Status published
Products (1)
synology/photo_station 6.8 - 6.8.3-3463
Published Mar 22, 2018
Tracked Since Feb 18, 2026