CVE-2017-11153 - AskarLabs CVE Database

CVE-2017-11153

Vendor Synology

Product Synology Photo Station

Weakness CWE-502 · Unsafe deserialization

Published August 8, 2017

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

Key dates

02Disclosure timeline

August 8, 2017 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-11153

Related vulnerabilities

04Related CVE

CVE-2024-27985 WordPress PropertyHive plugin <= 2.0.9 - PHP Object Injection vulnerability CVE-2024-6152 Flipbox Builder <= 1.5 - Authenticated (Contributor+) PHP Object Injection CVE-2025-54742 WordPress WpEvently Plugin <= 4.4.8 - PHP Object Injection Vulnerability CVE-2021-4451 NinjaFirewall <= 4.3.3 - Authenticated PHAR Deserialization CVE-2023-2141 Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022