Vulnerability Details CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.1%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2019-11822
-
cpe:2.3:a:synology:photo_station:6.3
-
cpe:2.3:a:synology:photo_station:6.3-2944
-
cpe:2.3:a:synology:photo_station:6.3-2958
-
cpe:2.3:a:synology:photo_station:6.3-2960
-
cpe:2.3:a:synology:photo_station:6.3-2962
-
cpe:2.3:a:synology:photo_station:6.3-2963
-
cpe:2.3:a:synology:photo_station:6.3-2964
-
cpe:2.3:a:synology:photo_station:6.3-2965
-
cpe:2.3:a:synology:photo_station:6.3-2967
-
cpe:2.3:a:synology:photo_station:6.3-2968
-
cpe:2.3:a:synology:photo_station:6.3-2970
-
cpe:2.3:a:synology:photo_station:6.3-2971
-
cpe:2.3:a:synology:photo_station:6.3-2974
-
cpe:2.3:a:synology:photo_station:6.3-2975
-
cpe:2.3:a:synology:photo_station:6.3-2976
-
cpe:2.3:a:synology:photo_station:6.8
-
cpe:2.3:a:synology:photo_station:6.8.0-3456
-
cpe:2.3:a:synology:photo_station:6.8.1-3458
-
cpe:2.3:a:synology:photo_station:6.8.10-3487
-
cpe:2.3:a:synology:photo_station:6.8.2-3461
-
cpe:2.3:a:synology:photo_station:6.8.3-3463
-
cpe:2.3:a:synology:photo_station:6.8.4-3468
-
cpe:2.3:a:synology:photo_station:6.8.5-3471
-
cpe:2.3:a:synology:photo_station:6.8.6-3479
-
cpe:2.3:a:synology:photo_station:6.8.7-3481
-
cpe:2.3:a:synology:photo_station:6.8.8-3482
-
cpe:2.3:a:synology:photo_station:6.8.9-3483