Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getsymphony symphony vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7346
Cross-site request forgery (CSRF) vulnerability in Symphony CMS prior to 2.3.2 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.0
Getsymphony Symphony 2.1.1
Getsymphony Symphony 2.3
Getsymphony Symphony
1 EDB exploit
NA
CVE-2013-2559
SQL injection vulnerability in Symphony CMS prior to 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.0
Getsymphony Symphony 2.1.1
Getsymphony Symphony 2.3
Getsymphony Symphony
1 EDB exploit
NA
CVE-2010-3458
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote malicious users to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party informa...
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.1
1 EDB exploit
NA
CVE-2010-3457
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) sen...
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.1
1 EDB exploit
NA
CVE-2015-4661
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote malicious users to inject arbitrary web script or HTML via the sort parameter to system/authors.
Getsymphony Symphony
8.8
CVSSv3
CVE-2017-7694
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS up to and including 2.6.11 allows remote malicious users to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the da...
Getsymphony Symphony
6.1
CVSSv3
CVE-2015-8766
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS prior to 2.6.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[...
Getsymphony Symphony
5.3
CVSSv3
CVE-2017-5541
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS prior to 2.6.10 allows remote malicious users to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
Getsymphony Symphony
6.1
CVSSv3
CVE-2017-5542
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS prior to 2.6.10 allows remote malicious users to inject arbitrary web script or HTML via the existing-folder parameter.
Getsymphony Symphony
9.1
CVSSv3
CVE-2020-25912
A XML External Entity (XXE) vulnerability exists in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
Getsymphony Symphony 2.7.10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »