CVE-2018-13299 MEDIUM

CVE-2018-13299

Vendor Synology

Product Calendar

Weakness CWE-23

Published April 1, 2019

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter.

Key dates

02Disclosure timeline

April 1, 2019 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-13299

Related vulnerabilities

04Related CVE

CVE-2024-54461 Unsanitized Filenames in Flutter package file_selector_android Allow File Overwrites CVE-2024-0550 Privileged User using traversal to read system files CVE-2024-52012 Apache Solr: Configset upload on Windows allows arbitrary path write-access CVE-2022-21808 CVE-2025-9570 Sunnet｜eHRD CTMS - Arbitrary File Reading through Path Traversal