CVE-2017-11154

CVE-2017-11154

Vendor Synology
Product Synology Photo Station
Weakness CWE-434 · Unrestricted file upload
Published August 8, 2017
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.

Key dates

02Disclosure timeline

August 8, 2017 CVE published
September 17, 2024 Record updated