PT-2021-3994 · Synology · Synology Photo Station

Bing-Jhong Jheng

Published

2021-06-01

Updated

2021-06-10

CVE-2021-29090

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Synology Photo Station versions prior to 6.8.14-3500

Description The issue is related to the improper neutralization of special elements used in SQL commands, which can be exploited to execute arbitrary SQL commands. This can be done by remote authenticated users via unspecified vectors.

Recommendations For versions prior to 6.8.14-3500, update to version 6.8.14-3500 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL database to minimize the risk of exploitation. Avoid using user-supplied input in SQL commands until the issue is resolved.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2021-04516

CVE-2021-29090

Affected Products

Synology Photo Station

PT-2021-3994 · Synology · Synology Photo Station

CVE-2021-29090

Weakness Enumeration

Related Identifiers

Affected Products

References · 5