Lucene search

K
cve[email protected]CVE-2013-7346
HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-7346

2022-10-0316:14:53
CWE-352
web.nvd.nist.gov
22
cve-2013-7346
cross-site request forgery
csrf vulnerability
symphony cms
sql injection
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.5%

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.

Affected configurations

NVD
Node
getsymphonysymphonyRange2.3.1
OR
getsymphonysymphonyMatch2.0
OR
getsymphonysymphonyMatch2.0.3
OR
getsymphonysymphonyMatch2.0.4
OR
getsymphonysymphonyMatch2.0.5
OR
getsymphonysymphonyMatch2.0.6
OR
getsymphonysymphonyMatch2.0.7
OR
getsymphonysymphonyMatch2.1.0
OR
getsymphonysymphonyMatch2.1.1
OR
getsymphonysymphonyMatch2.3

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.5%