Description

It was possible to guess or extract the Symfony application secret (APP_SECRET). The secret was either guessed from a list of weak or default secrets, or extracted from a publicly accessible phpinfo page, which prints environment variables such as APP_SECRET.

Using this secret, it was possible to execute arbitrary PHP code through the ESI (Edge-Side Includes) fragment functionality exposed at /_fragment, which trusts requests carrying a signature derived from APP_SECRET.

Remediation

It is recommended to disable ESI (Edge-Side Includes) and the /_fragment endpoint, and to change the Symfony application secret (APP_SECRET) to a long random value, since a leaked or guessable secret remains exploitable until it is rotated. Publicly accessible phpinfo pages should also be removed.
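As an added defender-side example (not part of this finding's original text), the following Python checks an APP_SECRET value against the weaknesses described above and flags access-log requests that reach /_fragment from clients other than trusted proxies, as well as requests to phpinfo pages. The weak-secret list, length and entropy thresholds, the combined log format and the sample log lines are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample of weak/default secrets; a real audit should use a larger list.
WEAK_SECRETS = {"ThisTokenIsNotSoSecretChangeIt", "secret", "changeme", "s3cr3t", "app_secret"}


def secret_is_weak(secret: str, min_len: int = 32, min_bits_per_char: float = 3.0) -> bool:
    """True if APP_SECRET is empty, on the weak list, too short, or has low character entropy."""
    if not secret or secret in WEAK_SECRETS or len(secret) < min_len:
        return True
    # Shannon entropy per character is a rough proxy for randomness (assumed thresholds).
    counts = Counter(secret)
    n = len(secret)
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return entropy < min_bits_per_char


# Common/combined access-log format (assumption: client IP is the first field).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')


def flag_requests(lines, trusted_proxies=()):
    """Return (ip, path, reason) for requests worth investigating."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ip = m.group("ip")
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if path == "/_fragment" and ip not in trusted_proxies:
            # /_fragment is meant for a trusted reverse proxy, not arbitrary clients.
            findings.append((ip, path, "fragment endpoint reached from untrusted client"))
        elif path.lower().endswith("phpinfo.php"):
            findings.append((ip, path, "phpinfo exposed; may leak APP_SECRET"))
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /_fragment HTTP/1.1" 200 311',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "GET /_fragment?foo=bar HTTP/1.1" 403 0',
    '203.0.113.7 - - [10/Oct/2023:13:56:09 +0000] "GET /phpinfo.php HTTP/1.1" 200 8820',
    '198.51.100.2 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    print(secret_is_weak("changeme"))
    for finding in flag_requests(SAMPLE_LOG, trusted_proxies={"10.0.0.5"}):
        print(finding)
```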
