Symphony Security Vulnerabilities and Issues — Symphony CVE List

Lucene search

GetsymphonySymphony

3 matches found

CVE•added 2010/06/03 2:30 p.m.•44 views

CVE-2010-2143

Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the mode parameter.

7.5CVSS7.4AI score0.0285EPSS

CVE•added 2010/09/17 8:0 p.m.•44 views

CVE-2010-3458

SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.

7.5CVSS8.7AI score0.00505EPSS

CVE•added 2010/09/17 8:0 p.m.•42 views

CVE-2010-3457

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parame...

4.3CVSS5.9AI score0.01601EPSS