VYPR
Critical severity9.8NVD Advisory· Published May 12, 2017· Updated Jun 17, 2026

CVE-2016-10329

CVE-2016-10329

Description

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*range: <=6.5.2-3225
    • (no CPE)range: <6.5.3-3226
    • (no CPE)range: All versions prior to version 6.5.3-3226

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.