Vulnerability Details CVE-2024-10443
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.697
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2024-10443
-
cpe:2.3:a:synology:beephotos:-
-
cpe:2.3:a:synology:beephotos:1.0.1-10011
-
cpe:2.3:a:synology:beephotos:1.0.1-10015
-
cpe:2.3:a:synology:beephotos:1.0.2-10018
-
cpe:2.3:a:synology:beephotos:1.0.2-10025
-
cpe:2.3:a:synology:beephotos:1.0.2-10026
-
cpe:2.3:a:synology:beephotos:1.1.0-10052
-
cpe:2.3:a:synology:photos:1.0.0-0182
-
cpe:2.3:a:synology:photos:1.0.0-0186
-
cpe:2.3:a:synology:photos:1.0.0-0190
-
cpe:2.3:a:synology:photos:1.0.1-0194
-
cpe:2.3:a:synology:photos:1.1.0-0224
-
cpe:2.3:a:synology:photos:1.2.0-0263
-
cpe:2.3:a:synology:photos:1.3.0-0317
-
cpe:2.3:a:synology:photos:1.3.2-0327
-
cpe:2.3:a:synology:photos:1.3.3-0330
-
cpe:2.3:a:synology:photos:1.4.0-0458
-
cpe:2.3:a:synology:photos:1.4.0-0459
-
cpe:2.3:a:synology:photos:1.5.0-0488
-
cpe:2.3:a:synology:photos:1.5.0-0489
-
cpe:2.3:a:synology:photos:1.6.0-0629
-
cpe:2.3:a:synology:photos:1.6.1-0641
-
cpe:2.3:a:synology:photos:1.6.2-0710
-
cpe:2.3:a:synology:photos:1.7.0-0794
-
cpe:2.3:o:synology:beestation_os:1.0
-
cpe:2.3:o:synology:beestation_os:1.1
-
cpe:2.3:o:synology:diskstation_manager:7.2
-
cpe:2.3:o:synology:diskstation_manager:7.2.2