CVE-2018-13299

Relative path traversal vulnerability in Attachment Uploader in Synology Calendar before 2.2.2-0532 allows remote authenticated users to upload arbitrary files via the filename parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt