CVE-2013-7346
Summary
| CVE | CVE-2013-7346 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-03-27 16:55:00 UTC |
| Updated | 2020-08-25 15:59:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Getsymphony | Symphony | 2.0 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.3 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.4 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.5 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.6 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.7 | All | All | All |
| Application | Getsymphony | Symphony | 2.1.0 | All | All | All |
| Application | Getsymphony | Symphony | 2.1.1 | All | All | All |
| Application | Getsymphony | Symphony | 2.3 | All | All | All |
| Application | Getsymphony | Symphony | 2.0 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.3 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.4 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.5 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.6 | All | All | All |
| Application | Getsymphony | Symphony | 2.0.7 | All | All | All |
| Application | Getsymphony | Symphony | 2.1.0 | All | All | All |
| Application | Getsymphony | Symphony | 2.1.1 | All | All | All |
| Application | Getsymphony | Symphony | 2.3 | All | All | All |
| Application | Getsymphony | Symphony | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| NEOHAPSIS - Peace of Mind Through Integrity and Insight | BUGTRAQ | archives.neohapsis.com | Exploit |
| File Not Found | MISC | www.htbridge.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.