21Degrees Symphony vulnerabilities
2 known vulnerabilities affecting 21degrees/symphony.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2008-3592P3HIGHCVSS 8.5PoC≤ 1.7.01v1.1+5 more2008-08-11
CVE-2008-3592 [HIGH] CWE-94 CVE-2008-3592: Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees S
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated usin
nvd
CVE-2008-3591P3HIGHCVSS 7.5PoC≤ 1.7.01v1.1+5 more2008-08-11
CVE-2008-3591 [HIGH] CWE-89 CVE-2008-3591: SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
nvd