Release date:
Updated on:
Affected Systems:
Synology Photo Station 4.2-2304
Synology Photo Station
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56674
Synology Photo Station is a solution for sharing images, videos, and blogs on the Internet.
The /Photo/include/file_upload.php page of Synology Photo Station does not validate the list parameter. An attacker can read arbitrary file content by submitting a malicious list parameter that traverses directories.
<* Source: Julien Cayssol (security@aqwz.com)
Link: http://www.securelist.com/en/advisories/51354
*>
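A log check for the issue described above, as an added example that is not part of the original advisory or the vendor's code: it flags requests to file_upload.php whose list parameter decodes to a directory-traversal sequence. The access-log format, the sample lines, and the delimiter handling for list are assumptions; parameters sent in a POST body do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named in the advisory; the path is compared case-insensitively.
ENDPOINT = "/photo/include/file_upload.php"
PARAM = "list"
# Request field of a combined-format access log line (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." that stands alone as a path segment; "album..2012" does not match.
TRAVERSAL_RE = re.compile(r'(?:^|[^\w.])\.\.(?:[^\w.]|$)')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def suspicious_requests(lines):
    """Return (line_number, decoded_list_value) for traversal attempts."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if fully_decode(url.path).lower() != ENDPOINT:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            decoded = fully_decode(value)
            if TRAVERSAL_RE.search(decoded):
                hits.append((n, decoded))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /photo/include/file_upload.php?list=album1/img001.jpg HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /Photo/include/file_upload.php?list=../../../placeholder.txt HTTP/1.1" 200 1830',
    '198.51.100.7 - - [01/Jan/2013:10:00:09 +0000] "GET /photo/include/file_upload.php?list=%252e%252e%252f%252e%252e%252fplaceholder.txt HTTP/1.1" 200 1830',
    '203.0.113.4 - - [01/Jan/2013:10:01:00 +0000] "GET /photo/index.php?list=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: list={value!r}")
```
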
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Synology
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
www.synology.com/