Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getsymphony symphony vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2013-7346
Cross-site request forgery (CSRF) vulnerability in Symphony CMS prior to 2.3.2 allows remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
Getsymphony Symphony
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.1
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.3
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.1.0
1 EDB exploit
6.5
CVSSv2
CVE-2013-2559
SQL injection vulnerability in Symphony CMS prior to 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Getsymphony Symphony 2.0.4
Getsymphony Symphony 2.0.5
Getsymphony Symphony 2.0.6
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.0
Getsymphony Symphony 2.0.3
Getsymphony Symphony
Getsymphony Symphony 2.3
Getsymphony Symphony 2.1.0
Getsymphony Symphony 2.1.1
1 EDB exploit
4.3
CVSSv2
CVE-2010-3457
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) sen...
Getsymphony Symphony 2.1.1
Getsymphony Symphony 2.0.7
1 EDB exploit
7.5
CVSSv2
CVE-2010-3458
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote malicious users to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party informa...
Getsymphony Symphony 2.0.7
Getsymphony Symphony 2.1.1
1 EDB exploit
4.3
CVSSv2
CVE-2015-8766
Multiple cross-site scripting (XSS) vulnerabilities in content/content.systempreferences.php in Symphony CMS prior to 2.6.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) email_sendmail[from_name], (2) email_sendmail[from_address], (3) email_smtp[...
Getsymphony Symphony
4.3
CVSSv2
CVE-2015-4661
Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote malicious users to inject arbitrary web script or HTML via the sort parameter to system/authors.
Getsymphony Symphony
4.3
CVSSv2
CVE-2017-5542
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS prior to 2.6.10 allows remote malicious users to inject arbitrary web script or HTML via the existing-folder parameter.
Getsymphony Symphony
5
CVSSv2
CVE-2017-5541
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS prior to 2.6.10 allows remote malicious users to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
Getsymphony Symphony
6.5
CVSSv2
CVE-2017-7694
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS up to and including 2.6.11 allows remote malicious users to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the da...
Getsymphony Symphony
7.6
CVSSv2
CVE-2016-4309
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote malicious users to hijack web sessions via the PHPSESSID parameter.
Getsymphony Symphony 2.6.7
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »