Vulnerability Details CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-06-Local-File-Inclusion
- https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226
- https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-06-Local-File-Inclusion
- https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226
Products affected by CVE-2016-10331
-
cpe:2.3:a:synology:photo_station:5.2-2398
-
cpe:2.3:a:synology:photo_station:5.2-2413
-
cpe:2.3:a:synology:photo_station:6.0-2636
-
cpe:2.3:a:synology:photo_station:6.0-2638
-
cpe:2.3:a:synology:photo_station:6.0-2639
-
cpe:2.3:a:synology:photo_station:6.0-2640
-
cpe:2.3:a:synology:photo_station:6.3
-
cpe:2.3:a:synology:photo_station:6.3-2944
-
cpe:2.3:a:synology:photo_station:6.3-2958
-
cpe:2.3:a:synology:photo_station:6.3-2960
-
cpe:2.3:a:synology:photo_station:6.3-2962
-
cpe:2.3:a:synology:photo_station:6.3-2963
-
cpe:2.3:a:synology:photo_station:6.3-2964
-
cpe:2.3:a:synology:photo_station:6.3-2965
-
cpe:2.3:a:synology:photo_station:6.3-2967
-
cpe:2.3:a:synology:photo_station:6.3-2968
-
cpe:2.3:a:synology:photo_station:6.3-2970
-
cpe:2.3:a:synology:photo_station:6.3-2971
-
cpe:2.3:a:synology:photo_station:6.3-2974
-
cpe:2.3:a:synology:photo_station:6.3-2975
-
cpe:2.3:a:synology:photo_station:6.3-2976
-
cpe:2.3:a:synology:photo_station:6.3-2977
-
cpe:2.3:a:synology:photo_station:6.3-2978
-
cpe:2.3:a:synology:photo_station:6.4-3166
-
cpe:2.3:a:synology:photo_station:6.5.0-3218
-
cpe:2.3:a:synology:photo_station:6.5.1-3223
-
cpe:2.3:a:synology:photo_station:6.5.2-3225