High severity8.8NVD Advisory· Published Apr 10, 2017· Updated Jun 17, 2026
CVE-2016-10322
CVE-2016-10322
Description
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*range: <=6.3-2954
- (no CPE)range: <6.3-2958
Patches
Vulnerability mechanics
References
2- seclists.org/oss-sec/2016/q1/236nvdExploitMailing ListThird Party Advisory
- www.synology.com/en-us/releaseNote/PhotoStationnvdRelease Notes
News mentions
0No linked articles in our index yet.