Synology Photo Station up to 6.8.11 synophoto_csPhotoDB.php type sql injection – Digitalmunition

Exploit Cybersecurity study of the dark web exposes vulnerability to machine identities -- ScienceDaily

Published on July 1st, 2019 📆 | 2910 Views ⚑


Synology Photo Station up to 6.8.11 synophoto_csPhotoDB.php type sql injection

CVSS Meta Temp Score Current Exploit Price (≈)
6.0 $0-$5k

A vulnerability was found in Synology Photo Station up to 6.8.11 (Network Attached Storage Software). It has been rated as critical. This issue affects some unknown processing of the file synophoto_csPhotoDB.php. The manipulation of the argument type as part of a Parameter leads to a sql injection vulnerability. Using CWE to declare the problem leads to CWE-89. Impacted is confidentiality, integrity, and availability. An attacker might be able inject and/or alter existing SQL statements which would influence the database exchange.

The weakness was disclosed 06/30/2019. It is possible to read the advisory at The identification of this vulnerability is CVE-2019-11821 since 05/08/2019. The attack may be initiated remotely. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 6.8.11-3489 eliminates this vulnerability.

The entry 137088 is pretty similar.




VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Sql injection (CWE-89)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: Photo Station 6.8.11-3489

05/08/2019 CVE assigned
06/30/2019 +53 days Advisory disclosed
06/30/2019 +0 days VulDB entry created
06/30/2019 +0 days VulDB last updateVendor:


CVE: CVE-2019-11821 (🔒)
See also: 🔒

Created: 06/30/2019 09:43 PM
Complete: 🔍


No comments yet. Please log in to comment.

Use the official API to access entries easily!

Download WordPress Themes
Download WordPress Themes
Free Download WordPress Themes
Download WordPress Themes Free
free download udemy paid course

Tagged with:

Leave a Reply ✍

This site uses Akismet to reduce spam. Learn how your comment data is processed.