Lucene search
HistoryMar 27, 2014 - 4:55 p.m.
CVE-2013-7346
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.6%
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
Affected configurations
Node
getsymphonysymphonyRange≤2.3.1
ORgetsymphonysymphonyMatch2.0
ORgetsymphonysymphonyMatch2.0.3
ORgetsymphonysymphonyMatch2.0.4
ORgetsymphonysymphonyMatch2.0.5
ORgetsymphonysymphonyMatch2.0.6
ORgetsymphonysymphonyMatch2.0.7
ORgetsymphonysymphonyMatch2.1.0
ORgetsymphonysymphonyMatch2.1.1
ORgetsymphonysymphonyMatch2.3
Related
prion
prion
Cross site request forgery (csrf)
2014-03-27 16:55:00
Sql injection
2014-03-27 16:55:00
cve
cve
CVE-2013-7346
2022-10-03 16:14:53
CVE-2013-2559
2014-03-27 16:55:05
cvelist
cvelist
CVE-2013-7346
2022-10-03 16:14:53
CVE-2013-2559
2014-03-27 16:00:00
nvd
nvd
CVE-2013-2559
2014-03-27 16:55:05
securityvulns
securityvulns
SQL Injection Vulnerability in Symphony
2013-05-06 00:00:00
zdt
zdt
Symphony 2.3.1 SQL Injection Vulnerability
2013-04-04 00:00:00
packetstorm
packetstorm
Symphony 2.3.1 SQL Injection
2013-04-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Symphony CMS SQL Injection (CVE-2013-2559)
2020-06-16 00:00:00
htbridge
htbridge
SQL Injection Vulnerability in Symphony
2013-03-13 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.6%
Related for NVD:CVE-2013-7346