7 matches found
EUVD-2013-7118
Malware in sbrugna...
Symphony CMS SQL Injection (CVE-2013-2559)
An SQL injection vulnerability exists in the Symphony CMS. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559...
CVE-2013-2559
Symphony CMS (before 2.3.2) is affected by a SQL injection in the sort parameter to system/authors/ that can be triggered by remote authenticated users; note that CSRF can enable remote unauthenticated attackers to execute arbitrary SQL commands. The issue is linked to CVE-2013-2559 and is also d...
SQL Injection Vulnerability in Symphony
Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...
Symphony 2.3.1 SQL Injection Vulnerability
Symphony version 2.3.1 suffers from a remote SQL injection vulnerability. Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013...
Symphony 2.3.1 SQL Injection
Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...