Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Synology DSM4 Blind SQL Injection
Mar 13 2014 12:34AM
Michael Wisniewski (wiz561 gmail com)
Title: Synology DSM Blind SQL Injection
Version affected: <= 4.3-3827
Discovered by: Michael Wisniewski
The file "/photo/include/blog/article.php" contains a Blind SQL
Injection Vulnerability in the 'value' variable in the URL.
The vendor was contacte...
[ more ]
Copyright 2010, SecurityFocus