Vulnerability Details CVE-2019-11826
Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v3 Score 8.0
CVSS v2 Score 6.5
References
Products affected by CVE-2019-11826
-
cpe:2.3:a:synology:moments:1.0.0-0433
-
cpe:2.3:a:synology:moments:1.0.1-0435
-
cpe:2.3:a:synology:moments:1.1.0-0505
-
cpe:2.3:a:synology:moments:1.1.1-0508
-
cpe:2.3:a:synology:moments:1.1.2-0511
-
cpe:2.3:a:synology:moments:1.2.0-0638
-
cpe:2.3:a:synology:moments:1.2.1-0646
-
cpe:2.3:a:synology:moments:1.2.3-199