Описание
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
Ссылки
- Third Party AdvisoryVDB Entry
- VDB Entry
- Release Notes
- Third Party AdvisoryVDB Entry
- VDB Entry
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.9 (включая)
cpe:2.3:a:getsymphony:symphony:*:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01305
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
EPSS
Процентиль: 79%
0.01305
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22