CVE-2013-6955
60Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 85%
from disclosure to weapon0 days
Published on NVDJan 9
1st PoCDec 24
metasploitOct 31
exploitation probability
85%top 1% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/30470unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://www.kb.cert.org/vuls/id/615910