CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
68.3%
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
Vendor | Product | Version | CPE |
---|---|---|---|
21degrees | symphony | * | cpe:2.3:a:21degrees:symphony:*:*:*:*:*:*:*:* |
21degrees | symphony | 1.1 | cpe:2.3:a:21degrees:symphony:1.1:*:*:*:*:*:*:* |
21degrees | symphony | 1.5 | cpe:2.3:a:21degrees:symphony:1.5:*:*:*:*:*:*:* |
21degrees | symphony | 1.5.05 | cpe:2.3:a:21degrees:symphony:1.5.05:*:*:*:*:*:*:* |
21degrees | symphony | 1.5.06 | cpe:2.3:a:21degrees:symphony:1.5.06:*:*:*:*:*:*:* |
21degrees | symphony | 1.6.02 | cpe:2.3:a:21degrees:symphony:1.6.02:*:*:*:*:*:*:* |
21degrees | symphony | 1.7 | cpe:2.3:a:21degrees:symphony:1.7:*:*:*:*:*:*:* |