Symphony Multiple Remote Security Vulnerabilities Network Vulnerability

Summary

Symphony is prone to following multiple remote security vulnerabilities: 1. An authentication-bypass vulnerability 2. Multiple cross-site-scripting vulnerabilities 3. An HTML-injection vulnerability 4. Multiple SQL-injection vulnerabilities An attacker may leverage these issues to run malicious HTML and script codes in the context of the affected browser, steal cookie-based authentication credentials, to gain unauthorized access to the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. Symphony 2.3 is vulnerable other versions may also be affected.

Solution

Reportedly, the issue is fixed. However, Symantec has not confirmed this. Please contact the vendor for more information.

References

http://www.securityfocus.com/bid/56094

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AdaptBB Multiple Input Validation Vulnerabilities
ApPHP MicroBlog Remote Code Execution Vulnerability
admin.cgi overflow
Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
ATutor < 1.5.1-pl1 Multiple Flaws

Take action and discover your vulnerabilities