Vulnerability Details CVE-2018-13288
Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2018-13288
-
cpe:2.3:a:synology:file_station:1.1.0-0075
-
cpe:2.3:a:synology:file_station:1.1.1-0095
-
cpe:2.3:a:synology:file_station:1.1.1-0099
-
cpe:2.3:a:synology:file_station:1.1.1-0103
-
cpe:2.3:a:synology:file_station:1.1.1-0110
-
cpe:2.3:a:synology:file_station:1.1.2-0115
-
cpe:2.3:a:synology:file_station:1.1.3-0120
-
cpe:2.3:a:synology:file_station:1.1.4-0122
-
cpe:2.3:a:synology:file_station:1.1.4-0123
-
cpe:2.3:a:synology:file_station:1.2.0-0218
-
cpe:2.3:a:synology:file_station:1.2.1-0228
-
cpe:2.3:a:synology:file_station:1.2.2-0246