CVE-2021-33180: SQL Injection
First published: Tue Jun 01 2021(Updated: )
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Credit: security@synology.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Synology Media Server | <1.8.1-2876 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-33180.
What is the severity of CVE-2021-33180?
CVE-2021-33180 has a severity level of critical, with a severity value of 9.8.
What is the affected software for CVE-2021-33180?
The affected software for CVE-2021-33180 is Synology Media Server version up to and including 1.8.1-2876.
How does CVE-2021-33180 work?
CVE-2021-33180 is a SQL Injection vulnerability in the cgi component of Synology Media Server, which allows remote attackers to execute arbitrary SQL commands through unspecified vectors.
Is there a fix available for CVE-2021-33180?
Yes, a fix is available for CVE-2021-33180. It is recommended to update Synology Media Server to version 1.8.1-2876 or later.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/synology
- canonical/synology media server