Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2019-18888

Published: 21/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Symfony

Vulnerability Summary

An issue exists in Symfony 2.8.0 up to and including 2.8.50, 3.4.0 up to and including 3.4.34, 4.2.0 up to and including 4.2.11, and 4.3.0 up to and including 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sensiolabs symfony

fedoraproject fedora 30

fedoraproject fedora 31

Vendor Advisories

Debian Security Advisories: DSA-4573-1 symfony -- security update
Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization For the oldstable distribution (stretch), these problems have been fixed in version 287+dfsg-13+deb9u3 For the stable distribution (buster), these problems have be ...

Github Repositories

https://github.com/fredriclesomar/EPoS

Point of Sale, Laravel Framework!

Laravel Sales of Point Framework Laravel with Infyom Laravel Generator (custom login), Minimal PHP 71 > requirement PHP 7232 How to use: Download repository and extracted or clone the repository $ git clone githubcom/fredriclesomar/EPoSgit Running composer $ cd EPoS $ composer install

References

CWE-88https://github.com/symfony/symfony/releases/tag/v4.3.8https://symfony.com/blog/cve-2019-18888-prevent-argument-injection-in-a-mimetypeguesserhttps://symfony.com/blog/symfony-4-3-8-releasedhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZNXRVHDQBNZQUCNRVZICPPBFRAUWUJX/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXEAOEANNIVYANTMOJ42NKSU6BGNBULZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UED22BOXTL2SSFMGYKA64ZFHGLLJG3EA/https://nvd.nist.govhttps://www.debian.org/security/2019/dsa-4573https://github.com/fredriclesomar/EPoS
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook