CVE-2018-8926
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Synology | Photo Station | unspecified < 6.8.5-3471 | affected |
| Synology | Photo Station | unspecified < 6.3-2975 | affected |
Weaknesses
- CWE-625: Permissive Regular Expression (CWE-625)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.