CVE-2017-15894

Summary

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

Affected Software

VendorProductVersion RangeStatus
SynologySynology DiskStation Manager (DSM)6.0.x before 6.0.3-8754-3affected
SynologySynology DiskStation Manager (DSM)before 5.2-5967-6affected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References