Vulnerability Details CVE-2021-29090
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2021-29090
-
cpe:2.3:a:synology:photo_station:6.8
-
cpe:2.3:a:synology:photo_station:6.8.0-3456
-
cpe:2.3:a:synology:photo_station:6.8.1-3458
-
cpe:2.3:a:synology:photo_station:6.8.10-3487
-
cpe:2.3:a:synology:photo_station:6.8.11-3489
-
cpe:2.3:a:synology:photo_station:6.8.12-3496
-
cpe:2.3:a:synology:photo_station:6.8.13-3499
-
cpe:2.3:a:synology:photo_station:6.8.2-3461
-
cpe:2.3:a:synology:photo_station:6.8.3-3463
-
cpe:2.3:a:synology:photo_station:6.8.4-3468
-
cpe:2.3:a:synology:photo_station:6.8.5-3471
-
cpe:2.3:a:synology:photo_station:6.8.6-3479
-
cpe:2.3:a:synology:photo_station:6.8.7-3481
-
cpe:2.3:a:synology:photo_station:6.8.8-3482
-
cpe:2.3:a:synology:photo_station:6.8.9-3483