SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2012-5574

Date: (C)2012-12-20 (M)2023-12-22

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

FEDORA-2012-19076

FEDORA-2012-19195

FEDORA-2012-19235

http://www.openwall.com/lists/oss-security/2012/11/26/12

http://symfony.com/blog/security-release-symfony-1-4-20-released

http://trac.symfony-project.org/changeset/33598

https://bugs.gentoo.org/show_bug.cgi?id=444696

https://bugzilla.redhat.com/show_bug.cgi?id=880240

symfony-unspecified-information-disclosure(80309)

cpe:/a:sensiolabs:symfony:1.4.0:rc1
cpe:/a:sensiolabs:symfony:1.4.0:rc2
cpe:/a:sensiolabs:symfony:1.4.9
cpe:/a:sensiolabs:symfony:1.4.7
...

oval:org.secpod.oval:def:104361
oval:org.secpod.oval:def:104360

© SecPod Technologies