Symfony — фреймворк c открытым исходным кодом, написанный на PHP.
Релизный цикл, информация об уязвимостях
График релизов
Количество 247
CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
CVE-2013-1348
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...
CVE-2012-6432
Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring.
CVE-2012-6431
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
CVE-2012-2667
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2013-1348 The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397. | CVSS2: 7.5 | 1% Низкий | около 11 лет назад |
| CVE-2013-1348 The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ... | CVSS2: 7.5 | 1% Низкий | около 11 лет назад |
| CVE-2012-6432 Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring. | CVSS2: 6.8 | 0% Низкий | больше 12 лет назад |
| CVE-2012-6431 Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string. | CVSS2: 6.4 | 0% Низкий | больше 12 лет назад |
| CVE-2012-5574 lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | CVSS2: 5 | 1% Низкий | больше 12 лет назад |
| CVE-2012-2667 Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | CVSS2: 4.3 | 1% Низкий | около 13 лет назад |
 | CVE-2012-2667 Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." | CVSS2: 4.3 | 1% Низкий | около 13 лет назад |
Уязвимостей на страницу