CVE-2018-13282

Summary

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

Affected Software

VendorProductVersion RangeStatus
SynologyPhoto Stationunspecified < 6.8.7-3481affected

Weaknesses

  • CWE-384: Session Fixation (CWE-384)

ADP Enrichment

CVE Program Container

Additional References

References