CVE-2017-18263

Name of the Vulnerable Software and Affected Versions: Seagate Personal Cloud versions prior to 4.3.18.4

Description: The issue concerns a directory traversal vulnerability. It can be exploited via the getPhotoPlaylistPhotos.psp endpoint, specifically through a parameter named url.

Recommendations: For versions prior to 4.3.18.4, update to version 4.3.18.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the getPhotoPlaylistPhotos.psp endpoint until the update is applied. Avoid using the url parameter in the affected endpoint until the issue is resolved.