CVE-2021-29089

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt