CVE-2018-13299

Summary

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

Affected Software

VendorProductVersion RangeStatus
SynologyCalendarunspecified < 2.2.2-0532affected

Weaknesses

  • CWE-23: Relative Path Traversal (CWE-23)

ADP Enrichment

CVE Program Container

Additional References

References