Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2019-10913

Published: 16/05/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Sensiolabs

Vulnerability Summary

In Symfony prior to 2.7.51, 2.8.x prior to 2.8.50, 3.x prior to 3.4.26, 4.x prior to 4.1.12, and 4.2.x prior to 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS. This is related to symfony/http-foundation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sensiolabs symfony

Vendor Advisories

Debian Security Advisories: DSA-4441-1 symfony -- security update
Multiple vulnerabilities were discovered in the Symfony PHP framework which could lead to cache bypass, authentication bypass, information disclosure, open redirect, cross-site request forgery, deletion of arbitrary files, or arbitrary code execution For the stable distribution (stretch), these problems have been fixed in version 287+dfsg-13+de ...

Github Repositories

https://github.com/KerbenII/shop

Przykładowy sklep

Example Store Bundle (Based on Symfony 32 Framework) NOT MAINTAINED Why? We are currently in 2017 Several hundred thousand platforms are available on the e-commerce market Why, then, I am building next one? Because the author of this code is hungry for knowledge and the next challenges :-) And he wants to test his skills by doing something cool Warning: This code is REA

https://github.com/fredriclesomar/EPoS

Point of Sale, Laravel Framework!

Laravel Sales of Point Framework Laravel with Infyom Laravel Generator (custom login), Minimal PHP 71 > requirement PHP 7232 How to use: Download repository and extracted or clone the repository $ git clone githubcom/fredriclesomar/EPoSgit Running composer $ cd EPoS $ composer install

References

CWE-79CWE-89https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrideshttps://github.com/symfony/symfony/commit/944e60f083c3bffbc6a0b5112db127a10a66a8echttps://nvd.nist.govhttps://www.debian.org/security/2019/dsa-4441https://github.com/KerbenII/shop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook