Lucene search

K
nvd[email protected]NVD:CVE-2013-7346
HistoryMar 27, 2014 - 4:55 p.m.

CVE-2013-7346

2014-03-2716:55:05
CWE-352
web.nvd.nist.gov
3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.001

Percentile

41.5%

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.

Affected configurations

NVD
Node
getsymphonysymphonyRange2.3.1
OR
getsymphonysymphonyMatch2.0
OR
getsymphonysymphonyMatch2.0.3
OR
getsymphonysymphonyMatch2.0.4
OR
getsymphonysymphonyMatch2.0.5
OR
getsymphonysymphonyMatch2.0.6
OR
getsymphonysymphonyMatch2.0.7
OR
getsymphonysymphonyMatch2.1.0
OR
getsymphonysymphonyMatch2.1.1
OR
getsymphonysymphonyMatch2.3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.001

Percentile

41.5%