Synology-SA-17:35 Photo Station

2017-08-03 11:01:00

Severity: Critical
Status: Resolved

Abstract

Several vulnerabilities have been found in Photo Station:

  • CVE-2017-11161 allows remote attackers to obtain administrator privileges.
  • CVE-2017-11162 allows remote authenticated attackers to read arbitrary files.
  • CVE-2017-12071 allows remote authenticated attackers to download arbitrary local files.

Affected

  • Products
    • Photo Station before 6.7.4-3433 and 6.3-2968
  • Models
    • All Synology models

Description

  • CVE-2017-11161
    Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
  • CVE-2017-11162
    Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
  • CVE-2017-12071
    Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
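The three weakness classes above (untrusted values spliced into SQL, a request-controlled path escaping a storage directory, and a server-side fetch that accepts local-file targets) each have a standard defensive check. The block below is an added, hypothetical illustration of those checks and is not Photo Station code: the `labels` table and its columns, the `/srv/photos` storage root, and every sample input are constructed for the example, and the real parameter handling in label.php, synphotoio and file_upload.php is not known from this advisory.

```python
"""Added, hypothetical examples of the defensive checks that close the three
weakness classes named in this advisory. Nothing here is Photo Station code;
the table, column names, storage root and sample inputs are constructed."""
import ipaddress
import os
import sqlite3
from urllib.parse import urlsplit


# CVE-2017-11161 class: an untrusted request value inside a SQL statement.
def setup_db():
    """Constructed in-memory table standing in for a label store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE labels (article_id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO labels VALUES (?, ?)",
                     [(1, "holiday"), (2, "family"), (3, "private")])
    return conn


def labels_unsafe(conn, article_id):
    """Weak pattern: the value is spliced into the SQL text and parsed as SQL."""
    cur = conn.execute(
        "SELECT name FROM labels WHERE article_id = " + str(article_id))
    return [row[0] for row in cur.fetchall()]


def labels_safe(conn, article_id):
    """Hardened: validate the type, then bind the value as a parameter."""
    if not str(article_id).isdigit():
        return []  # a real handler would answer HTTP 400 here
    cur = conn.execute(
        "SELECT name FROM labels WHERE article_id = ?", (int(article_id),))
    return [row[0] for row in cur.fetchall()]


# CVE-2017-11162 class: a request-controlled path escaping the storage root.
def resolve_photo_path(root, relative):
    """Canonicalise the joined path and require it to stay under root."""
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        return None  # traversal or absolute path: refuse to serve it
    return candidate


# CVE-2017-12071 class: a server-side fetch of a caller-supplied URL.
def is_safe_fetch_url(url):
    """Allow only http(s) to a public address; file://, loopback, link-local
    and private ranges are refused before any request is made."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        # A DNS name: the resolved address must be re-checked at connect time,
        # otherwise a name that points at 127.0.0.1 bypasses this filter.
        return host != "localhost"


if __name__ == "__main__":
    conn = setup_db()
    print(labels_unsafe(conn, "1 OR 1=1"))   # every row leaks
    print(labels_safe(conn, "1 OR 1=1"))     # rejected
    print(resolve_photo_path("/srv/photos", "../../etc/passwd"))
    print(is_safe_fetch_url("file:///etc/passwd"))
```

The SQL check relies on binding rather than escaping, so the same query text works regardless of what the client sends; the path check compares canonicalised paths with `os.path.commonpath` instead of looking for `..` substrings, which also catches absolute paths and encoded variants once decoded; the URL check rejects by scheme and by address class, and the comment marks the remaining gap for DNS names, which must be re-validated after resolution.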

Mitigation

None

Update Availability

To fix the security issues, please go to DSM > Package Center and update Photo Station to 6.7.4-3433 (6.3-2968 for DSM 5.2 users) or above.