Veracode Vulnerability Database: VERACODE:46029
History: Mar 27, 2024 - 6:46 a.m.

Remote Code Execution

2024-03-27 06:46:02
sca.analysiscenter.veracode.com
Tags: remote code execution, friendsofsymfony1/symfony1, swift mailer, vulnerability, untrusted user input, php code

CVSS3: 5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score: 7.9
Confidence: High

EPSS: 0
Percentile: 9.0%

friendsofsymfony1/symfony1 is vulnerable to Remote Code Execution. The vulnerability is due to the ability to abuse the __destruct methods in Swift Mailer classes, which can be exploited to execute arbitrary PHP code if a developer unserializes untrusted user input.
