PT-2018-2682 · Synology · Synology Photo Station
Published 2018-07-23 · Updated 2019-10-09 · CVE-2018-13282
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Synology Photo Station versions prior to 6.8.7-3481
Description
The vulnerability is a session fixation flaw in the SYNO.PhotoStation.Auth component. It allows remote attackers to hijack web sessions via the PHPSESSID parameter, potentially leading to unauthorized access to protected data.
Recommendations
For versions prior to 6.8.7-3481, update to version 6.8.7-3481 or later to resolve the issue. As a temporary workaround, consider restricting access to the PHPSESSID parameter to minimize the risk of session hijacking.
Fix
Session Fixation
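To illustrate the weakness class named above and the two countermeasures in the recommendations (stop honouring a PHPSESSID URL parameter; issue a new identifier on login), here is an added example that is not Synology's or Photo Station's code: a constructed Python model of a PHP-style session layer with the flawed login beside the hardened one. The class and function names (`SessionStore`, `login_vulnerable`, `login_fixed`, `planted_id_authenticates`) and the request layout are assumptions made for this illustration.

```python
import secrets

# Constructed model of a PHP-style session layer; not Synology Photo Station code.
# A request is a dict with "query" (URL parameters) and "cookies".
class SessionStore:
    def __init__(self, use_only_cookies):
        self.use_only_cookies = use_only_cookies
        self.sessions = {}  # session id -> authenticated user, or None

    def presented_id(self, request):
        """Pick the PHPSESSID the client presented. The permissive setting also
        honours a URL parameter, which is how an id chosen before login can
        reach the server; the strict setting accepts the cookie only."""
        sid = request.get("cookies", {}).get("PHPSESSID")
        if sid is None and not self.use_only_cookies:
            sid = request.get("query", {}).get("PHPSESSID")
        return sid

    def login_vulnerable(self, request, user):
        """Session fixation: the session keeps whatever id the client supplied
        and is merely marked authenticated, so a pre-login id stays valid."""
        sid = self.presented_id(request) or secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def login_fixed(self, request, user):
        """Mitigation: discard the pre-login id and bind the authenticated
        state to a fresh, server-chosen identifier."""
        old = self.presented_id(request)
        if old is not None:
            self.sessions.pop(old, None)
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def authenticated_user(self, sid):
        return self.sessions.get(sid)


def planted_id_authenticates(use_only_cookies, fixed_login):
    """Log in with an id that was fixed before authentication, delivered as a
    URL parameter, and report whether that same id is authenticated afterwards
    (True means the session fixation flaw is reachable in this configuration)."""
    store = SessionStore(use_only_cookies)
    planted = "a" * 32  # constructed sample: an id known prior to login
    request = {"query": {"PHPSESSID": planted}, "cookies": {}}
    login = store.login_fixed if fixed_login else store.login_vulnerable
    login(request, "alice")
    return store.authenticated_user(planted) == "alice"
```

Only the permissive configuration combined with the non-regenerating login leaves the pre-chosen identifier authenticated; either countermeasure alone closes this particular path, and regenerating on login also covers ids planted through the cookie.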
Weakness Enumeration
Related Identifiers
Affected Products
Synology Photo Station