PT-2019-8964 · Synology · Synology Calendar

Chun Han Hsiao

Published

2019-04-01

Updated

2019-10-09

CVE-2018-13299

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Synology Calendar versions prior to 2.2.2-0532

Description A relative path traversal issue exists in the Attachment Uploader of Synology Calendar, allowing remote authenticated users to upload arbitrary files by manipulating the filename parameter.

Recommendations For versions prior to 2.2.2-0532, update to version 2.2.2-0532 or later to resolve the issue.

Fix

Relative Path Traversal

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-23CWE-22

Related Identifiers

CVE-2018-13299

Affected Products

Synology Calendar

PT-2019-8964 · Synology · Synology Calendar

CVE-2018-13299

Weakness Enumeration

Related Identifiers

Affected Products

References · 3