CVE-2017-12071 - AskarLabs CVE Database

CVE-2017-12071

Vendor Synology

Product Synology Photo Station

Weakness CWE-918 · SSRF

Published September 8, 2017

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.

Key dates

02Disclosure timeline

September 8, 2017 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-12071 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2025-67961 WordPress WPO365 plugin <= 40.0 - Server Side Request Forgery (SSRF) vulnerability CVE-2026-46526 Local Deep Research: SSRF bypass in `safe_get` CVE-2026-3163 SourceCodester Website Link Extractor URL file_get_contents server-side request forgery CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery CVE-2026-40566 FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints