Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: synology
Published: 2017-09-08T14:00:00Z
Updated: 2024-09-17T02:15:37.814Z
Reserved: 2017-07-31T00:00:00
Link: CVE-2017-12071
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-08T14:29:00.290
Modified: 2019-10-09T23:22:19.307
Link: CVE-2017-12071
Redhat
No data.