Vulnerability Details CVE-2022-27613
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.0%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2022-27613
-
cpe:2.3:a:synology:carddav_server:5.2.0-0019
-
cpe:2.3:a:synology:carddav_server:5.2.0-0021
-
cpe:2.3:a:synology:carddav_server:5.2.0-0026
-
cpe:2.3:a:synology:carddav_server:5.2.0-0027
-
cpe:2.3:a:synology:carddav_server:5.2.0-0028
-
cpe:2.3:a:synology:carddav_server:6.0.0-0074
-
cpe:2.3:a:synology:carddav_server:6.0.2-0077
-
cpe:2.3:a:synology:carddav_server:6.0.3-0078
-
cpe:2.3:a:synology:carddav_server:6.0.4-0080
-
cpe:2.3:a:synology:carddav_server:6.0.5-0081
-
cpe:2.3:a:synology:carddav_server:6.0.6-0083
-
cpe:2.3:a:synology:carddav_server:6.0.7-0085
-
cpe:2.3:a:synology:carddav_server:6.0.8-0086
-
cpe:2.3:a:synology:carddav_server:6.0.9-0087