Lucene search
MitreCVE-2008-3591HistoryAug 11, 2008 - 11:41 p.m.
CVE-2008-3591
2008-08-1123:41:00
CWE-89
mitre
web.nvd.nist.gov
46
cve-2008-3591
sql injection
twentyone degrees symphony
security vulnerability
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.003
Percentile
68.3%
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
Affected configurations
Node
21degreessymphonyRange≤1.7.01
OR21degreessymphonyMatch1.1
OR21degreessymphonyMatch1.5
OR21degreessymphonyMatch1.5.05
OR21degreessymphonyMatch1.5.06
OR21degreessymphonyMatch1.6.02
OR21degreessymphonyMatch1.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 21degrees | symphony | * | cpe:2.3:a:21degrees:symphony:*:*:*:*:*:*:*:* |
| 21degrees | symphony | 1.1 | cpe:2.3:a:21degrees:symphony:1.1:*:*:*:*:*:*:* |
| 21degrees | symphony | 1.5 | cpe:2.3:a:21degrees:symphony:1.5:*:*:*:*:*:*:* |
| 21degrees | symphony | 1.5.05 | cpe:2.3:a:21degrees:symphony:1.5.05:*:*:*:*:*:*:* |
| 21degrees | symphony | 1.5.06 | cpe:2.3:a:21degrees:symphony:1.5.06:*:*:*:*:*:*:* |
| 21degrees | symphony | 1.6.02 | cpe:2.3:a:21degrees:symphony:1.6.02:*:*:*:*:*:*:* |
| 21degrees | symphony | 1.7 | cpe:2.3:a:21degrees:symphony:1.7:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2008-3591
2008-08-11 23:00:00
nessus
nessus
Symphony sym_auth Cookie SQL Injection
2008-08-04 00:00:00
prion
prion
Sql injection
2008-08-11 23:41:00
nvd
nvd
CVE-2008-3591
2008-08-11 23:41:00
exploitdb
exploitdb
Symphony 1.7.01 (non-patched) - Remote Code Execution
2008-07-31 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.003
Percentile
68.3%
Related for CVE-2008-3591