High severity7.2NVD Advisory· Published Aug 8, 2017· Updated Jun 17, 2026
CVE-2017-11154
CVE-2017-11154
Description
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*range: <=6.7.2-3429
- cpe:2.3:a:synology:photo_station:6.3-2967:*:*:*:*:*:*:*
- (no CPE)range: <6.7.3-3432, <6.3-2967
- (no CPE)range: before 6.7.3-3432 and 6.3-2967
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/42434/nvdThird Party AdvisoryVDB Entry
- www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStationnvdVendor Advisory
News mentions
0No linked articles in our index yet.