Vulnerability Details CVE-2017-11151
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.148
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-11151
-
cpe:2.3:a:synology:photo_station:5.2-2398
-
cpe:2.3:a:synology:photo_station:5.2-2413
-
cpe:2.3:a:synology:photo_station:6.0-2636
-
cpe:2.3:a:synology:photo_station:6.0-2638
-
cpe:2.3:a:synology:photo_station:6.0-2639
-
cpe:2.3:a:synology:photo_station:6.0-2640
-
cpe:2.3:a:synology:photo_station:6.3
-
cpe:2.3:a:synology:photo_station:6.3-2944
-
cpe:2.3:a:synology:photo_station:6.3-2958
-
cpe:2.3:a:synology:photo_station:6.3-2960
-
cpe:2.3:a:synology:photo_station:6.3-2962
-
cpe:2.3:a:synology:photo_station:6.3-2963
-
cpe:2.3:a:synology:photo_station:6.3-2964
-
cpe:2.3:a:synology:photo_station:6.3-2965
-
cpe:2.3:a:synology:photo_station:6.3-2967
-
cpe:2.3:a:synology:photo_station:6.3-2968
-
cpe:2.3:a:synology:photo_station:6.3-2970
-
cpe:2.3:a:synology:photo_station:6.3-2971
-
cpe:2.3:a:synology:photo_station:6.3-2974
-
cpe:2.3:a:synology:photo_station:6.3-2975
-
cpe:2.3:a:synology:photo_station:6.3-2976
-
cpe:2.3:a:synology:photo_station:6.3-2977
-
cpe:2.3:a:synology:photo_station:6.3-2978
-
cpe:2.3:a:synology:photo_station:6.4-3166
-
cpe:2.3:a:synology:photo_station:6.5.0-3218
-
cpe:2.3:a:synology:photo_station:6.5.1-3223
-
cpe:2.3:a:synology:photo_station:6.5.2-3225
-
cpe:2.3:a:synology:photo_station:6.5.3-3226
-
cpe:2.3:a:synology:photo_station:6.6.0-3339
-
cpe:2.3:a:synology:photo_station:6.6.1-3345
-
cpe:2.3:a:synology:photo_station:6.6.2-3346
-
cpe:2.3:a:synology:photo_station:6.6.3-3347
-
cpe:2.3:a:synology:photo_station:6.7.0-3414
-
cpe:2.3:a:synology:photo_station:6.7.1-3419
-
cpe:2.3:a:synology:photo_station:6.7.2-3429