Total vulnerabilities in the database
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
| Software | From | Fixed in |
|---|---|---|
| 21degrees / symphony | - | 1.7.01.x |
| 21degrees / symphony | 1.5 | 1.5.x |
| 21degrees / symphony | 1.5.06 | 1.5.06.x |
| 21degrees / symphony | 1.6.02 | 1.6.02.x |
| 21degrees / symphony | 1.1 | 1.1.x |
| 21degrees / symphony | 1.7 | 1.7.x |
| 21degrees / symphony | 1.5.05 | 1.5.05.x |