CVE-2017-15893

Summary

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

Affected Software

VendorProductVersion RangeStatus
SynologySynology File Stationbefore 1.1.1-0099affected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References