BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Synology DSM4 Blind SQL Injection Mar 13 2014 12:34AM
Michael Wisniewski (wiz561 gmail com)
~~~~~~
Title: Synology DSM Blind SQL Injection
Version affected: <= 4.3-3827
Vendor: Synology
Discovered by: Michael Wisniewski
Status: Patched
~~~~~~

The file "/photo/include/blog/article.php" contains a Blind SQL
Injection Vulnerability in the 'value' variable in the URL.

The vendor was contacte...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus