CVE-2016-10331

Summary

Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

Affected Software

VendorProductVersion RangeStatus
SynologySynology Photo StationAll versions prior to version 6.5.3-3226affected

Weaknesses

  • CWE-22: Directory Traversal (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References