[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-4341Date: (C)2012-02-12   (M)2023-12-22


Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://seclists.org/bugtraq/2011/Nov/8
SECUNIA-46663
OSVDB-76884
http://www.openwall.com/lists/oss-security/2011/11/22/9
http://packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txt
http://symphony-cms.com/download/releases/version/2.2.4/
http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/
https://github.com/symphonycms/symphony-2/commit/476e4926e2773588eab10dd3036f27e1411521b5
symphony-filter-sql-injection(71105)

CWE    1
CWE-79

© SecPod Technologies