Vulnerability Details CVE-2018-8927
Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 4.0
References
Products affected by CVE-2018-8927
-
cpe:2.3:a:synology:calendar:1.0.0-0121
-
cpe:2.3:a:synology:calendar:1.0.2-0131
-
cpe:2.3:a:synology:calendar:1.0.3-0132
-
cpe:2.3:a:synology:calendar:1.1.0-0146
-
cpe:2.3:a:synology:calendar:2.0.0-0241
-
cpe:2.3:a:synology:calendar:2.0.1-0242
-
cpe:2.3:a:synology:calendar:2.1.0-0425
-
cpe:2.3:a:synology:calendar:2.1.1-0502