
synology photo station

59 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2017-20210
all versions
Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by intern
9.8 CRITICAL
CVE-2024-12923
>= 6.4.0 and < 6.4.5
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If a remote attacker gains a user account, t
5.4 MEDIUM
CVE-2024-32770
>= 6.4.0 and < 6.4.3
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow
6.3 MEDIUM
CVE-2024-32769
>= 6.4.0 and < 6.4.3
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow
6.3 MEDIUM
CVE-2024-32768
>= 6.4.0 and < 6.4.3
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow
6.3 MEDIUM
CVE-2024-32767
>= 6.4.0 and < 6.4.3
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow
6.3 MEDIUM
CVE-2023-47221
>= 6.4.0 and < 6.4.2
A path traversal vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticate
5.5 MEDIUM
CVE-2023-47562
>= 6.4.0 and < 6.4.2
An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authe
7.4 HIGH
CVE-2023-47561
>= 6.4.0 and < 6.4.2
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow
5.5 MEDIUM
CVE-2022-27593
< 5.2.14
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If expl
10.0 CRITICAL
CVE-2022-22681
< 6.8.16-3506
Session fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers t
8.1 HIGH
CVE-2021-44057
< 5.4.13
An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnera
7.1 HIGH
CVE-2021-34356
< 6.0.18
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulne
7.6 HIGH
CVE-2021-34355
< 5.4.10
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerab
7.6 HIGH
CVE-2021-34354
< 6.0.18
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulne
7.6 HIGH
CVE-2021-29089
>= 6.8 and < 6.8.14-3500
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synol
9.8 CRITICAL
CVE-2021-29091
>= 6.8 and < 6.8.14-3500
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synol
7.7 HIGH
CVE-2021-29090
>= 6.8 and < 6.8.14-3500
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Ph
7.2 HIGH
CVE-2021-29092
>= 6.8 and < 6.8.14-3500
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14
8.8 HIGH
CVE-2020-2502
< 6.0.11
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QNAP We have already fi
6.1 MEDIUM
CVE-2020-2491
< 6.0.12
This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QNAP We have already fi
6.1 MEDIUM
CVE-2018-19956
>= 5.7.0 and < 5.7.11
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerabil
6.1 MEDIUM
CVE-2018-19955
>= 5.7.0 and < 5.7.11
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerabil
6.1 MEDIUM
CVE-2018-19954
>= 5.7.0 and < 5.7.11
The cross-site scripting vulnerability has been reported to affect earlier versions of Photo Station. If exploited, the vulnerabil
6.1 MEDIUM
CVE-2019-7195
< 6.0.3
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln
9.8 CRITICAL
CVE-2019-7194
< 6.0.3
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vuln
9.8 CRITICAL
CVE-2019-7192
< 6.0.3
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnera
9.8 CRITICAL
CVE-2019-11822
>= 6.3 and < 6.3-2977
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 a
4.3 MEDIUM
CVE-2019-11821
>= 6.3 and < 6.3-2977
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows rem
7.3 HIGH
CVE-2018-0722
>= 5.7.0 and <= 5.7.2
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and
7.5 HIGH
CVE-2018-13282
>= 6.3 and < 6.3-2976
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hi
5.6 MEDIUM
CVE-2018-0715
<= 5.7.0
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascr
6.1 MEDIUM
CVE-2018-8926
>= 6.3-2958 and <= 6.3-2975
Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975
8.8 HIGH
CVE-2018-8925
>= 6.3-2944 and < 6.3-2975
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975
8.8 HIGH
CVE-2017-13073
>= 5.2.0 and <= 5.2.7
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions c
6.1 MEDIUM
CVE-2017-16772
>= 6.8 and < 6.8.3-3463
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3
8.8 HIGH
CVE-2017-16771
>= 6.8 and < 6.8.3-3463
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remo
6.1 MEDIUM
CVE-2017-16769
all versions
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obta
5.3 MEDIUM
CVE-2017-12072
< 6.8.0-3456
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authe
5.4 MEDIUM
CVE-2017-12080
>= 6.3 and < 6.3-2970
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.
5.3 MEDIUM
CVE-2017-12079
>= 6.8 and < 6.8.1-3458
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and be
7.5 HIGH
CVE-2017-12071
<= 6.3-2967
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow
6.5 MEDIUM
CVE-2017-11162
<= 6.3-2967
Directory traversal vulnerability in synphotoio in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticat
6.5 MEDIUM
CVE-2017-11161
<= 6.3-2967
Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute
9.8 CRITICAL
CVE-2017-9555
<= 6.6.3-3347
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attac
5.4 MEDIUM
CVE-2017-11155
<= 6.7.2-3429
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attacker
7.5 HIGH
CVE-2017-11154
<= 6.7.2-3429
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows r
7.2 HIGH
CVE-2017-11153
<= 6.7.2-3429
Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote
9.8 CRITICAL
CVE-2017-11152
<= 6.7.2-3429
Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote
7.5 HIGH
CVE-2017-11151
<= 6.7.2-3429
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload
9.8 CRITICAL
CVE-2015-9102
<= 6.3-2960
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow re
5.4 MEDIUM
CVE-2017-9552
all versions
A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via
7.8 HIGH
CVE-2016-10331
<= 6.5.2-3225
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbi
7.5 HIGH
CVE-2016-10330
<= 6.5.2-3225
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allow
7.1 HIGH
CVE-2016-10329
<= 6.5.2-3225
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitr
9.8 CRITICAL
CVE-2016-10323
< 6.3-2958
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_us
7.8 HIGH
CVE-2016-10322
<= 6.3-2954
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharact
8.8 HIGH
CVE-2015-4656
<= 6.3-2944
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arb
CVE-2013-5760
all versions
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/l
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin