CVE-2018-13282

Description

Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Synology / Photo Stationunspecified – 6.8.7-3481

References

MISChttps://www.synology.com/en-global/support/security/Synology_SA_18_37