Vulnerability Details CVE-2021-33180
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
Products affected by CVE-2021-33180
-
cpe:2.3:a:synology:media_server:-
-
cpe:2.3:a:synology:media_server:1.0-2260
-
cpe:2.3:a:synology:media_server:1.1-2325
-
cpe:2.3:a:synology:media_server:1.1-2327
-
cpe:2.3:a:synology:media_server:1.1-2406
-
cpe:2.3:a:synology:media_server:1.1-2407
-
cpe:2.3:a:synology:media_server:1.1-2411
-
cpe:2.3:a:synology:media_server:1.2-2489
-
cpe:2.3:a:synology:media_server:1.2-2491
-
cpe:2.3:a:synology:media_server:1.2-2492
-
cpe:2.3:a:synology:media_server:1.3-2575
-
cpe:2.3:a:synology:media_server:1.4
-
cpe:2.3:a:synology:media_server:1.4-2629
-
cpe:2.3:a:synology:media_server:1.4-2642
-
cpe:2.3:a:synology:media_server:1.4-2644
-
cpe:2.3:a:synology:media_server:1.4-2649
-
cpe:2.3:a:synology:media_server:1.4-2653
-
cpe:2.3:a:synology:media_server:1.4-2654
-
cpe:2.3:a:synology:media_server:1.5-2762
-
cpe:2.3:a:synology:media_server:1.6.0-2766
-
cpe:2.3:a:synology:media_server:1.6.1-2767
-
cpe:2.3:a:synology:media_server:1.6.2-2770
-
cpe:2.3:a:synology:media_server:1.7
-
cpe:2.3:a:synology:media_server:1.7.0-2810
-
cpe:2.3:a:synology:media_server:1.7.1-2810
-
cpe:2.3:a:synology:media_server:1.7.1-2820
-
cpe:2.3:a:synology:media_server:1.7.2-2830
-
cpe:2.3:a:synology:media_server:1.7.3-2841
-
cpe:2.3:a:synology:media_server:1.7.4-2852
-
cpe:2.3:a:synology:media_server:1.7.5-2854
-
cpe:2.3:a:synology:media_server:1.7.6-2842
-
cpe:2.3:a:synology:media_server:1.7.7-2855
-
cpe:2.3:a:synology:media_server:1.7.8-2844
-
cpe:2.3:a:synology:media_server:1.7.9-2858