SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2008-08-11 23:41
Updated : 2024-02-04 17:33
NVD link : CVE-2008-3591
Mitre link : CVE-2008-3591
CVE.ORG link : CVE-2008-3591
JSON object : View
Products Affected
21degrees
- symphony
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')