Description
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain arbitrary files via prog_id field.
Affected products
- Synology / Photo Stationbefore 6.8.1-3458 – before 6.8.1-3458
- Synology / Photo Stationbefore 6.3-2970 – before 6.3-2970