CVE-2017-16772

CVE-2017-16772

Vendor Synology
Product Photo Station
Weakness CWE-434 · Unrestricted file upload
Published March 22, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.

Key dates

02Disclosure timeline

March 22, 2018 CVE published
September 17, 2024 Record updated