CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50631
https://notcve.org/view.php?id=CVE-2024-50631
19 Mar 2025 — Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors. La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un comando SQL ('Inyección SQL') en system syncing daemon en Synology Drive Server anterior a 3.0.4-12699, 3.2.... • https://www.synology.com/en-global/security/advisory/Synology_SA_24_21 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50630
https://notcve.org/view.php?id=CVE-2024-50630
19 Mar 2025 — Missing authentication for critical function vulnerability in the webapi component in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to obtain administrator credentials via unspecified vectors. La vulnerabilidad de falta de autenticación para funciones críticas en el componente webapi en Synology Drive Server anterior a 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 y 3.5.1-26102 permite a atacantes remotos obtener credenciales de administrador a través de ... • https://www.synology.com/en-global/security/advisory/Synology_SA_24_21 • CWE-306: Missing Authentication for Critical Function •