Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-7346
Last Modified 27 Mar 2014 02:56:19
Published 27 Mar 2014 12:55:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7346

Summary

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.

Vulnerable Systems

Application

  • Symphony-cms Symphony Cms 2.0

  • Symphony-cms Symphony Cms 2.0.3

  • Symphony-cms Symphony Cms 2.0.4

  • Symphony-cms Symphony Cms 2.0.5

  • Symphony-cms Symphony Cms 2.0.6

  • Symphony-cms Symphony Cms 2.0.7

  • Symphony-cms Symphony Cms 2.1.0

  • Symphony-cms Symphony Cms 2.1.1

  • Symphony-cms Symphony Cms 2.3.0

  • Symphony-cms Symphony Cms 2.3.1


References

MISC - https://www.htbridge.com/advisory/HTB23148

BUGTRAQ - 20130403 SQL Injection Vulnerability in Symphony


Last Updated: 27 May 2016 11:04:48