CVE-2013-7346

Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.

Published: Mar 27, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-7346
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
getsymphony / symphony	2.0	2.0.x
getsymphony / symphony	2.0.3	2.0.3.x
getsymphony / symphony	2.0.4	2.0.4.x
getsymphony / symphony	2.0.5	2.0.5.x
getsymphony / symphony	2.0.6	2.0.6.x
getsymphony / symphony	2.0.7	2.0.7.x
getsymphony / symphony	2.1.0	2.1.0.x
getsymphony / symphony	2.1.1	2.1.1.x
getsymphony / symphony	2.3	2.3.x
getsymphony / symphony	-	2.3.1.x

http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html
https://www.htbridge.com/advisory/HTB23148

Vulnerability Database

289,871

CVE-2013-7346