CVE-2012-5574: Symfony vulnerability

CWE-264 | 6 documents | 4 sources
Severity: 5.0 MEDIUM (NVD)
EPSS: 0.4% (top 38.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Dec 18
Latest update: May 17

Description

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: sensiolabs/symfony 1.4.19 +19

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-hf4c-m2jg-33qx: lib/form/sfForm (2022-05-17)
CVEList: CVE-2012-5574: lib/form/sfForm (2012-12-18)

💬 Community (3)

Bugzilla: CVE-2012-5574 php-symfony-symfony: Ability to read arbitrary files on the server, readable with the web server privileges (2012-11-26)
Bugzilla: CVE-2012-5574 php-symfony-symfony: Ability to read arbitrary files on the server, readable with the web server privileges [epel-6] (2012-11-26)
Bugzilla: CVE-2012-5574 php-symfony-symfony: Ability to read arbitrary files on the server, readable with the web server privileges [fedora-all] (2012-11-26)
CVE-2012-5574 — Sensiolabs Symfony vulnerability | cvebase