Description
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Synology / BeePhotos1.1.0-10053
- Synology / BeePhotos1.0.2-10026
- Synology / Synology Photos1.7.0-0795
- Synology / Synology Photos1.6.2-0720
Exploits & PoCs
- nucleiSynology BeeStation BST150-4T - Unauthenticated Command Injectionby iamnoooob,pdresearch