CVE-2017-11161

Summary

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

Affected Software

VendorProductVersion RangeStatus
SynologySynology Photo Stationbefore 6.7.4-3433 and 6.3-2968affected

Weaknesses

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command (CWE-89)

ADP Enrichment

CVE Program Container

Additional References

References