Vulnerability Details CVE-2018-8914
SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.9%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
Products affected by CVE-2018-8914
-
cpe:2.3:a:synology:media_server:1.4
-
cpe:2.3:a:synology:media_server:1.4-2629
-
cpe:2.3:a:synology:media_server:1.4-2642
-
cpe:2.3:a:synology:media_server:1.4-2644
-
cpe:2.3:a:synology:media_server:1.4-2649
-
cpe:2.3:a:synology:media_server:1.4-2653
-
cpe:2.3:a:synology:media_server:1.7
-
cpe:2.3:a:synology:media_server:1.7.0-2810
-
cpe:2.3:a:synology:media_server:1.7.1-2810
-
cpe:2.3:a:synology:media_server:1.7.1-2820
-
cpe:2.3:a:synology:media_server:1.7.2-2830
-
cpe:2.3:a:synology:media_server:1.7.3-2841
-
cpe:2.3:a:synology:media_server:1.7.4-2852
-
cpe:2.3:a:synology:media_server:1.7.5-2854