← Back

Photo Station

photo_station

Vendor: Qnap • 26 CVEs

CVEs (26)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-7194
1Qnap
1Photo Station
Oct 27, 2025
Dec 5, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
CVE-2019-7192
1Qnap
1Photo Station
Oct 27, 2025
Dec 5, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
CVE-2018-0722
1Qnap
1Photo Station
Nov 21, 2024
Feb 1, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the d...Show more
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.Show less
CVE-2018-0715
1Qnap
1Photo Station
Nov 21, 2024
Aug 27, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application.
CVE-2017-13073
1Qnap
1Photo Station
Nov 21, 2024
Apr 23, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.
CVE-2013-5760
1Qnap
2Photo Station
Photo Station Firmware
May 6, 2026
Jun 9, 2014
N/A· v4
N/A· v3
5.0 MEDIUM· v2
QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php.