Vulnerability Details CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
Products affected by CVE-2019-11821
-
cpe:2.3:a:synology:photo_station:6.3
-
cpe:2.3:a:synology:photo_station:6.3-2944
-
cpe:2.3:a:synology:photo_station:6.3-2958
-
cpe:2.3:a:synology:photo_station:6.3-2960
-
cpe:2.3:a:synology:photo_station:6.3-2962
-
cpe:2.3:a:synology:photo_station:6.3-2963
-
cpe:2.3:a:synology:photo_station:6.3-2964
-
cpe:2.3:a:synology:photo_station:6.3-2965
-
cpe:2.3:a:synology:photo_station:6.3-2967
-
cpe:2.3:a:synology:photo_station:6.3-2968
-
cpe:2.3:a:synology:photo_station:6.3-2970
-
cpe:2.3:a:synology:photo_station:6.3-2971
-
cpe:2.3:a:synology:photo_station:6.3-2974
-
cpe:2.3:a:synology:photo_station:6.3-2975
-
cpe:2.3:a:synology:photo_station:6.3-2976
-
cpe:2.3:a:synology:photo_station:6.8
-
cpe:2.3:a:synology:photo_station:6.8.0-3456
-
cpe:2.3:a:synology:photo_station:6.8.1-3458
-
cpe:2.3:a:synology:photo_station:6.8.10-3487
-
cpe:2.3:a:synology:photo_station:6.8.2-3461
-
cpe:2.3:a:synology:photo_station:6.8.3-3463
-
cpe:2.3:a:synology:photo_station:6.8.4-3468
-
cpe:2.3:a:synology:photo_station:6.8.5-3471
-
cpe:2.3:a:synology:photo_station:6.8.6-3479
-
cpe:2.3:a:synology:photo_station:6.8.7-3481
-
cpe:2.3:a:synology:photo_station:6.8.8-3482
-
cpe:2.3:a:synology:photo_station:6.8.9-3483