Vulnerability Details CVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2017-12071
-
cpe:2.3:a:synology:photo_station:5.2-2398
-
cpe:2.3:a:synology:photo_station:5.2-2413
-
cpe:2.3:a:synology:photo_station:6.0-2636
-
cpe:2.3:a:synology:photo_station:6.0-2638
-
cpe:2.3:a:synology:photo_station:6.0-2639
-
cpe:2.3:a:synology:photo_station:6.0-2640
-
cpe:2.3:a:synology:photo_station:6.3
-
cpe:2.3:a:synology:photo_station:6.3-2944
-
cpe:2.3:a:synology:photo_station:6.3-2958
-
cpe:2.3:a:synology:photo_station:6.3-2960
-
cpe:2.3:a:synology:photo_station:6.3-2962
-
cpe:2.3:a:synology:photo_station:6.3-2963
-
cpe:2.3:a:synology:photo_station:6.3-2964
-
cpe:2.3:a:synology:photo_station:6.3-2965
-
cpe:2.3:a:synology:photo_station:6.3-2967
-
cpe:2.3:a:synology:photo_station:6.3-2968
-
cpe:2.3:a:synology:photo_station:6.3-2970
-
cpe:2.3:a:synology:photo_station:6.3-2971
-
cpe:2.3:a:synology:photo_station:6.3-2974
-
cpe:2.3:a:synology:photo_station:6.3-2975
-
cpe:2.3:a:synology:photo_station:6.3-2976
-
cpe:2.3:a:synology:photo_station:6.3-2977
-
cpe:2.3:a:synology:photo_station:6.3-2978
-
cpe:2.3:a:synology:photo_station:6.4-3166
-
cpe:2.3:a:synology:photo_station:6.5.0-3218
-
cpe:2.3:a:synology:photo_station:6.5.1-3223
-
cpe:2.3:a:synology:photo_station:6.5.2-3225
-
cpe:2.3:a:synology:photo_station:6.5.3-3226
-
cpe:2.3:a:synology:photo_station:6.6.0-3339
-
cpe:2.3:a:synology:photo_station:6.6.1-3345
-
cpe:2.3:a:synology:photo_station:6.6.2-3346
-
cpe:2.3:a:synology:photo_station:6.6.3-3347
-
cpe:2.3:a:synology:photo_station:6.7.0-3414
-
cpe:2.3:a:synology:photo_station:6.7.1-3419
-
cpe:2.3:a:synology:photo_station:6.7.2-3429
-
cpe:2.3:a:synology:photo_station:6.7.3-3432