symfony is vulnerable to information disclosure. Calling the UploadedFile::__toString()
function discloses the path of the uploaded file, which can escalate to a remote code execution when used with a local file inclusion.
CPE | Name | Operator | Version |
---|---|---|---|
symfony/symfony | eq | 4.2.0 | |
symfony/symfony | le | 4.1.8 | |
symfony/symfony | le | 4.0.14 | |
symfony/symfony | le | 2.7.49 | |
symfony/symfony | le | 3.4.19 | |
symfony/symfony | le | 2.8.48 |