CVE-2018-8926

HIGH8.8

Description

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Synology / Photo Stationunspecified – 6.8.5-3471
Synology / Photo Stationunspecified – 6.3-2975

References

MISChttps://www.synology.com/zh-tw/support/security/Synology_SA_18_15