Vulnerability Database

313,519

Total vulnerabilities in the database

CVE-2013-7346

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.

Published: Mar 27, 2014
Updated: Nov 9, 2025
CVE: CVE-2013-7346
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
getsymphony / symphony	2.0	2.0.x
getsymphony / symphony	2.0.3	2.0.3.x
getsymphony / symphony	2.0.4	2.0.4.x
getsymphony / symphony	2.0.5	2.0.5.x
getsymphony / symphony	2.0.6	2.0.6.x
getsymphony / symphony	2.0.7	2.0.7.x
getsymphony / symphony	2.1.0	2.1.0.x
getsymphony / symphony	2.1.1	2.1.1.x
getsymphony / symphony	2.3	2.3.x
getsymphony / symphony	-	2.3.1.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo