Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getsymphony symphony vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2013-2559
SQL injection vulnerability in Symphony CMS prior to 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony
Getsymphony Symphony 2.3
Getsymphony Symphony 2.1.0
Getsymphony Symphony 2.1.1
1 EDB exploit
6.8
CVSSv2
CVE-2013-7346
Cross-site request forgery (CSRF) vulnerability in Symphony CMS prior to 2.3.2 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
Getsymphony Symphony
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.1
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.3
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.1.0
1 EDB exploit
7.5
CVSSv2
CVE-2010-3458
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote malicious users to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party informa...
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.1
1 EDB exploit
4.3
CVSSv2
CVE-2010-3457
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) sen...
Getsymphony Symphony 2.1.1
Getsymphony Symphony 2.0.7
1 EDB exploit
6.5
CVSSv2
CVE-2017-7694
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS up to and including 2.6.11 allows remote malicious users to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the da...
Getsymphony Symphony
4.3
CVSSv2
CVE-2015-4661
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote malicious users to inject arbitrary web script or HTML via the sort parameter to system/authors.
Getsymphony Symphony
4.3
CVSSv2
CVE-2015-8766
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS prior to 2.6.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[...
Getsymphony Symphony
5
CVSSv2
CVE-2017-5541
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS prior to 2.6.10 allows remote malicious users to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
Getsymphony Symphony
4.3
CVSSv2
CVE-2017-5542
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS prior to 2.6.10 allows remote malicious users to inject arbitrary web script or HTML via the existing-folder parameter.
Getsymphony Symphony
4.3
CVSSv2
CVE-2017-6067
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
Getsymphony Symphony 2.6.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »