U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:synology:photo_station:6.8.13-3499:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2022-22681

Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.

Published: July 06, 2022; 4:15:07 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-29089

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.

Published: June 01, 2021; 11:15:06 PM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-29091

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to write arbitrary files via unspecified vectors.

Published: June 01, 2021; 10:15:07 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-29090

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.

Published: June 01, 2021; 10:15:06 PM -0400 		V4.0:(not available)
 V3.1: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2021-29092

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.

Published: June 01, 2021; 10:15:09 AM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM