CVE-2017-11161

CVE-2017-11161

Vendor Synology
Product Synology Photo Station
Weakness CWE-89 · SQLi
Published September 8, 2017
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

Key dates

02Disclosure timeline

September 8, 2017 CVE published
September 16, 2024 Record updated