CVE-2017-11153

Summary

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

Affected Software

VendorProductVersion RangeStatus
SynologySynology Photo Stationbefore 6.7.3-3432 and 6.3-2967affected

Weaknesses

  • CWE-502: Deserialization of Untrusted Data (CWE-502)

ADP Enrichment

CVE Program Container

Additional References

References