CVE-2018-8926

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.

Vulnerabilidad de expresión regular permisiva en synophoto_dsm_user en SYNOPHOTO_Flickr_MultiUpload en Synology Photo Station, en versiones anteriores a la 6.8.5-3471 y a la 6.3-2975, permite que usuarios autenticados remotos lleven a cabo ataques de escalado de privilegios mediante el parámetro fullname.