CVE-2019-10910 — SQL Injection in Symfony
Severity
9.8CRITICALNVD
OSV5.4
EPSS
11.9%
top 6.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 16
Latest updateNov 18
Description
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages7 packages
Patches
🔴Vulnerability Details
5OSV▶
CVE-2019-10909: This security release fixes third-party dependencies included in or required by Drupal core↗2019-04-17
📋Vendor Advisories
2💬Community
5Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [epel-all]↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [fedora-all]↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony4: php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [fedora-all]↗2019-06-12
Bugzilla▶
CVE-2019-10909 CVE-2019-10910 CVE-2019-10912 CVE-2019-10913 CVE-2018-19790 CVE-2018-19789 php-symfony3: php-symfony: Multiple vulnerabilities fixed in symfony 2.8.7 [fedora-all]↗2019-06-12