QNAP NAS running Photo Station are prone to a remote code execution vulnerability. QNAP NAS running Photo Station are prone to a remote code execution vulnerability. This can be exploited by remote attackers to execute arbitrary code on the system. A successful exploit could allow an attacker to take complete control of the affected system. It has been reported that this issue has been fixed in Photo Station 6.1.2 and later. However, it is recommended that all Photo Station users upgrade to the latest version. We have already fixed the vulnerability in the following versions: Photo Station 6.1.2 and later Photo Station 5.7.18 and later Photo Station 5.4.15 and later Photo Station 5.2.14 and later QNAP NAS running Photo Station are prone to a XSS vulnerability. This can be exploited by malicious visitors to execute JavaScript code of their choice on the system. A successful exploit could allow an attacker to take control of the affected system. It has been reported that this issue has been fixed in Photo Station 5.7.18 and later. However, it is recommended that all Photo Station users upgrade to the latest version. We have already fixed the vulnerability in the following versions: Photo Station 6.1.2 and later Photo Station 5.7.18 and later Photo Station 5.4.15 and later Photo Station 5.2.14 and later QNAP NAS running Photo Station are prone to a XSS vulnerability. This can be exploited by malicious

[**QNAP NAS running Photo Station are prone to XSS vulnerability **](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27593)

Photo Station users are encouraged to upgrade to the latest version, which has been fixed in Photo Station 5.7.18 and later. This vulnerability is not present in Photo Station 6.1.2 and later; however, all earlier versions should be upgraded or patched as soon as possible to avoid any potential threat of exploitations
# CVE-2018-111992
Microsoft Windows running Git Bash are prone to a privilege escalation vulnerability that affects the WSL subsystem on 64-bit systems running a vulnerable version of the operating system (specifically Windows 10 Version 1803). This can be exploited by malicious visitors to escalate their privileges on the system, gain access to restricted APIs, or take control of the affected system with SYSTEM privileges. A successful exploit could allow an attacker to take complete control of the affected system with SYSTEM privileges without any further user interaction required; this would effectively grant them elevated access over other users on the machine Microsoft Windows running Git Bash are prone to a privilege escalation vulnerability that affects 32-bit systems running a vulnerable version of the operating system (specifically Windows 10 Version 1803). This can be exploited by malicious visitors to escalate their privileges on the system, gain access to restricted APIs, or take control of the affected system with SYSTEM privileges. A successful exploit could allow an attacker to take complete control of the affected

Photo Station version  6.1.2 and later

Photo Station version 5.7.18 and later
Photo Station version 5.4.15 and later
Photo Station version 5.2.14 and later

Summary of the vulnerability

The CVE-2022-27593 is a remote code execution vulnerability in Photo Station that can be exploited by remote attackers to execute arbitrary code on the system. A successful exploit could allow an attacker to take complete control of the affected system. It has been reported that this issue has been fixed in Photo Station 6.1.2 and later. However, it is recommended that all Photo Station users upgrade to the latest version. We have already fixed the vulnerability in the following versions: Photo Station 6.1.2 and later Photo Station 5.7.18 and later Photo Station 5.4.15 and later Photo Station 5.2.14 and later

QNAP NAS running Synology NAS are prone to a cross-site scripting vulnerability .

Introduction

QNAP NAS running Photo Station are prone to a remote code execution vulnerability. This can be exploited by remote attackers to execute arbitrary code on the system. A successful exploit could allow an attacker to take complete control of the affected system. It has been reported that this issue has been fixed in Photo Station 6.1.2 and later. However, it is recommended that all Photo Station users upgrade to the latest version. We have already fixed the vulnerability in the following versions:
Photo Station 6.1.2 and later
Photo Station 5.7.18 and later
Photo Station 5.4.15 and later
Photo Station 5.2.14 and later
QNAP NAS running Photo Station are prone to a XSS vulnerability. This can be exploited by malicious visitors to execute JavaScript code of their choice on the system. A successful exploit could allow an attacker to take control of the affected system. It has been reported that this issue has been fixed in Photo Station 5.7.18 and later, however, it is recommended that all Photo Station users upgrade to the latest version in order to fix this issue:
Photo Station 6.1.2 and later
Photo Station 5.7 . 18 and later
Photo Station 5 . 4 . 15 and later
Photo Station 5 . 2 . 14 and later

Timeline

Published on: 09/08/2022 11:15:00 UTC
Last modified on: 09/13/2022 14:41:00 UTC

References