PT-2017-17892 · Symphony · Symphony Cms
Math1As
·
Publicado
2017-04-11
·
Atualizado
2020-08-25
·
CVE-2017-7694
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Symphony CMS versions prior to 2.6.12
Description
A Remote Code Execution issue allows remote attackers to execute code and obtain a webshell from the back-end. The attacker must be authenticated and enter PHP code in the
datasource editor or event editor.Recommendations
For versions prior to 2.6.12, update to version 2.6.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the
datasource editor and event editor to minimize the risk of exploitation.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Symphony Cms