First published: Wed Oct 31 2018(Updated: )
Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Credit: security@synology.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synology Photo Station | >=6.3<6.3-2976 | |
Synology Photo Station | >=6.8<6.8.7-3481 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-13282 refers to a session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481.
CVE-2018-13282 allows remote attackers to hijack web sessions in Synology Photo Station.
CVE-2018-13282 has a severity rating of 6.3, which is considered medium.
To fix CVE-2018-13282, upgrade Synology Photo Station to version 6.8.7-3481 or higher.
More information about CVE-2018-13282 can be found at the following link: [Synology Security Advisory](https://www.synology.com/en-global/support/security/Synology_SA_18_37).