Vulnerability Details CVE-2017-11154
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.069
EPSS Ranking 90.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
Products affected by CVE-2017-11154
-
cpe:2.3:a:synology:photo_station:5.2-2398
-
cpe:2.3:a:synology:photo_station:5.2-2413
-
cpe:2.3:a:synology:photo_station:6.0-2636
-
cpe:2.3:a:synology:photo_station:6.0-2638
-
cpe:2.3:a:synology:photo_station:6.0-2639
-
cpe:2.3:a:synology:photo_station:6.0-2640
-
cpe:2.3:a:synology:photo_station:6.3
-
cpe:2.3:a:synology:photo_station:6.3-2944
-
cpe:2.3:a:synology:photo_station:6.3-2958
-
cpe:2.3:a:synology:photo_station:6.3-2960
-
cpe:2.3:a:synology:photo_station:6.3-2962
-
cpe:2.3:a:synology:photo_station:6.3-2963
-
cpe:2.3:a:synology:photo_station:6.3-2964
-
cpe:2.3:a:synology:photo_station:6.3-2965
-
cpe:2.3:a:synology:photo_station:6.3-2967
-
cpe:2.3:a:synology:photo_station:6.3-2968
-
cpe:2.3:a:synology:photo_station:6.3-2970
-
cpe:2.3:a:synology:photo_station:6.3-2971
-
cpe:2.3:a:synology:photo_station:6.3-2974
-
cpe:2.3:a:synology:photo_station:6.3-2975
-
cpe:2.3:a:synology:photo_station:6.3-2976
-
cpe:2.3:a:synology:photo_station:6.3-2977
-
cpe:2.3:a:synology:photo_station:6.3-2978
-
cpe:2.3:a:synology:photo_station:6.4-3166
-
cpe:2.3:a:synology:photo_station:6.5.0-3218
-
cpe:2.3:a:synology:photo_station:6.5.1-3223
-
cpe:2.3:a:synology:photo_station:6.5.2-3225
-
cpe:2.3:a:synology:photo_station:6.5.3-3226
-
cpe:2.3:a:synology:photo_station:6.6.0-3339
-
cpe:2.3:a:synology:photo_station:6.6.1-3345
-
cpe:2.3:a:synology:photo_station:6.6.2-3346
-
cpe:2.3:a:synology:photo_station:6.6.3-3347
-
cpe:2.3:a:synology:photo_station:6.7.0-3414
-
cpe:2.3:a:synology:photo_station:6.7.1-3419
-
cpe:2.3:a:synology:photo_station:6.7.2-3429