Synology-SA-17:35 Photo Station
Publish Time: 2017-08-03 00:00:00 UTC+8
Last Updated: 2017-08-03 11:01:00 UTC+8
- Severity
- Critical
- Status
- Resolved
Abstract
Several vulnerabilities have been found in Photo Station:
- CVE-2017-11161 allows remote attackers to obtain administrator privileges.
- CVE-2017-11162 allows remote authenticated attackers to read arbitrary files.
- CVE-2017-12071 allows remote authenticated attackers to download arbitrary local files.
Severity
- CVE-2017-11161
- Impact: Critical
- CVSS3 Base Score: 9.1
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- CVE-2017-11162
- Impact: Important
- CVSS3 Base Score: 6.5
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CVE-2017-12071
- Impact: Moderate
- CVSS3 Base Score: 4.3
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected
- Products
- Photo Station before 6.7.4-3433 and 6.3-2968
- Models
- All Synology models
Description
- CVE-2017-11161
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.
- CVE-2017-11162
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to read arbitrary files via unspecified vectors.
- CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Mitigation
None
Update Availability
To fix the security issues, please go to DSM > Package Center and update Photo Station to 6.7.4-3433 (6.3-2968 for DSM 5.2 users) or above.
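As an added example that is not part of Synology's advisory or software, the following Python check compares an installed Photo Station version string against the two fixed releases named above (6.7.4-3433 for current DSM, 6.3-2968 for DSM 5.2). It assumes the "major.minor[.patch]-build" version format shown on this page.

```python
"""Check whether an installed Photo Station version is covered by Synology-SA-17:35.

Added example, not Synology code. Assumes package version strings look like the
ones quoted in the advisory: "major.minor[.patch]-build", e.g. "6.7.4-3433" or "6.3-2968".
"""
import re
from typing import Tuple

# Fixed releases from the advisory: the DSM 5.2 line (6.3-x) and the current line (6.7.x).
FIXED_DSM52 = "6.3-2968"
FIXED_CURRENT = "6.7.4-3433"

# The patch component is optional: "6.3-2968" has none, "6.7.4-3433" has one.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?-(\d+)$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor[.patch]-build' into a tuple that compares numerically.

    A missing patch component is treated as 0 so that "6.3-2968" sorts
    correctly against versions that carry three dotted components.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Photo Station version string: {version!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch or 0), int(build))


def fixed_version_for(version: str) -> str:
    """Select the fix line that applies to an installed version.

    Installs on the 6.3 line (DSM 5.2) are fixed by 6.3-2968; everything
    else is measured against 6.7.4-3433, as the advisory states.
    """
    major, minor, _, _ = parse_version(version)
    return FIXED_DSM52 if (major, minor) == (6, 3) else FIXED_CURRENT


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than the fixed release for its line."""
    return parse_version(version) < parse_version(fixed_version_for(version))


if __name__ == "__main__":
    # Constructed sample inputs, not values taken from a real system.
    for v in ("6.7.3-3400", "6.7.4-3433", "6.3-2967", "6.3-2968"):
        print(f"{v}: {'update required' if is_vulnerable(v) else 'fixed'}")
```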