Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Synology DiskStation Manager ‘imageSelector.cgi’远程命令执行漏洞
Vulnerability Description
Synology DiskStation Manager(DSM)是群晖科技(Synology)公司的一套用于网络储存服务器(NAS)上的操作系统。该操作系统可管理资料、文件、照片、音乐等信息。 Synology DSM 4.3-3776-3及之前版本中的webman/imageSelector.cgi文件中存在安全漏洞。远程攻击者可借助SLICEUPLOAD X-TMP-FILE HTTP头部的路径名利用该漏洞附加数据到任意文件,执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A