Symfony Security Vulnerabilities and Issues — Symfony CVE List

Lucene search

SensiolabsSymfony

4 matches found

CVE•added 2012/12/27 11:47 a.m.•46 views

CVE-2012-6432

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.

6.8CVSS6.8AI score0.0043EPSS

CVE•added 2012/12/18 1:55 a.m.•45 views

CVE-2012-5574

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.

5CVSS6.4AI score0.0055EPSS

CVE•added 2012/12/27 11:47 a.m.•39 views

CVE-2012-6431

Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.

6.4CVSS6.6AI score0.00285EPSS

CVE•added 2012/06/07 7:55 p.m.•34 views

CVE-2012-2667

Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."

4.3CVSS6.4AI score0.00516EPSS