PT-2017-17892 · Symphony · Symphony Cms
Math1As
·
Published
2017-04-11
·
Updated
2020-08-25
·
CVE-2017-7694
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Symphony CMS versions prior to 2.6.12
Description
A Remote Code Execution issue allows remote attackers to execute code and obtain a webshell from the back-end. The attacker must be authenticated and enter PHP code in the
datasource editor or event editor.Recommendations
For versions prior to 2.6.12, update to version 2.6.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the
datasource editor and event editor to minimize the risk of exploitation.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Symphony Cms