Symphony 2.2.4 – Cross-Site Request Forgery

Exploit Database
113 阅读

作者： High-Tech Bridge

日期： 2014-03-24
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39136/

source: https://www.securityfocus.com/bid/66536/info

Symphony is prone to a cross-site request-forgery vulnerability.

An attacker can exploit the cross-site request forgery issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.

Symphony version 2.3.1 and prior are vulnerable.

last Exploits
Symphony 2.2.4 – Cross-Site Request Forgery的更多信息

PRTG Network Monitor 20.4.63.1412 – ‘maps’ Stored XSS：
Gespage 7.4.8 – SQL Injection：
SOPlanning 1.45 – ‘by’ SQL Injection：
Devana – SQL Injection：
Ametys CMS 3.5.2 – ‘lang’ XPath Injection：
Pars Design CMS – Arbitrary File Upload：
Metasploit Web UI < 4.14.1-20170828 - Cross-Site Request Forgery：
Responsive Realestate Script 3.2 – ‘property-list?tbud’ SQL Injection：