Symphony 2.2.4 - Cross-Site Request Forgery
Author: High-Tech Bridge type: webapps platform: php port: date_added: 2014-03-24 date_updated: 2015-12-31 verified: 1 codes: CVE-2013-7346;OSVDB-91983 tags: aliases: screenshot_url: application_url: raw file: 39136.txt
source: https://www.securityfocus.com/bid/66536/info Symphony is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Symphony version 2.3.1 and prior are vulnerable. <img src="http://www.example.com/symphony/system/authors/?order=asc&sort=id%20INTO%20OUTFILE%20%27/var/www/file.txt%27%20--%20">