2 matches found
CVE-2008-3591
The CVE-2008-3591 issue affects Twentyone Degrees Symphony 1.7.01 and earlier, where the lib/class.admin.php login path processes the sym_auth cookie in a database query. The underlying flaw is a SQL injection that allows an attacker to alter queries, potentially bypass authentication and gain ad...
CVE-2008-3592
CVE-2008-3592 describes an unrestricted file upload vulnerability in the File Manager of the Twentyone Degrees Symphony admin panel (versions 1.7.01 and earlier). The flaw permits remote attackers to execute arbitrary code by uploading a file with an executable extension to a destination director...