CVE-2017-15894

CVE-2017-15894

Vendor Synology
Product Synology DiskStation Manager (DSM)
Weakness CWE-22 · Path traversal
Published December 8, 2017
Last update September 16, 2024

CVSS base score

What the vulnerability does

01Description

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter.

Key dates

02Disclosure timeline

December 8, 2017 CVE published
September 16, 2024 Record updated