CVE-2021-29089

Name of the Vulnerable Software and Affected Versions: Synology Photo Station versions prior to 6.8.14-3500

Description: The issue is related to improper neutralization of special elements used in an SQL command, also known as SQL Injection, in the thumbnail component. This allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Recommendations: For versions prior to 6.8.14-3500, update to version 6.8.14-3500 or later to resolve the issue. As a temporary workaround, consider restricting access to the thumbnail component to minimize the risk of exploitation.