Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter.
The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Photo_station | Synology | 6.3-2958 (including) | 6.3-2975 (including) |
Photo_station | Synology | 6.8.0-3456 (including) | 6.8.5-3471 (excluding) |

This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include:
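
The substring acceptance described above, as an added example that is not code from Synology or from the advisory; the allow-list pattern, function names and sample inputs are constructed assumptions. It compares an unanchored check, a `^...$` check (Python's `$` still matches before a trailing newline) and a whole-string `fullmatch`.

```python
import re

# Hypothetical allow-list for a display-name field (an assumption, not the
# pattern used by the affected product): letters, digits, space, . ' -
ALLOWED = r"[A-Za-z0-9 .'-]{1,64}"

# Permissive: no anchors, so re.search succeeds if ANY substring matches.
PERMISSIVE = re.compile(ALLOWED)

# Half-fixed: ^...$ looks anchored, but in Python `$` also matches just
# before a trailing newline, so "name\n" still passes.
HALF_ANCHORED = re.compile(r"^" + ALLOWED + r"$")

# Strict: the same character class, compared against the whole string.
STRICT = re.compile(ALLOWED)


def permissive_ok(value: str) -> bool:
    return PERMISSIVE.search(value) is not None


def half_anchored_ok(value: str) -> bool:
    return HALF_ANCHORED.search(value) is not None


def strict_ok(value: str) -> bool:
    return STRICT.fullmatch(value) is not None


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "Alice Example",            # well-formed
    "Alice Example\n",          # trailing newline
    "Alice\nsecond line",       # embedded newline
    "Alice:extra;field",        # delimiters outside the allow-list
    "",                         # empty
]


def evaluate(samples=SAMPLES):
    """Return (value, permissive, half_anchored, strict) for each sample."""
    return [(s, permissive_ok(s), half_anchored_ok(s), strict_ok(s))
            for s in samples]


if __name__ == "__main__":
    for value, p, h, s in evaluate():
        print(f"{value!r:24} permissive={p!s:5} half={h!s:5} strict={s}")
```

Only the whole-string comparison rejects every malformed sample; the unanchored check accepts anything that contains at least one allowed character.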