CVE-2008-3591

Published Aug 11, 2008

Last updated 7 years ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:21degrees:symphony:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE2EEB23-8CD7-4035-87F1-EC01E61CE7C3",
            "versionEndIncluding": "1.7.01"
          },
          {
            "criteria": "cpe:2.3:a:21degrees:symphony:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A06D221D-9BC8-480B-ADF6-4251C0F1E6D9"
          },
          {
            "criteria": "cpe:2.3:a:21degrees:symphony:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20EEBB01-8615-4FD7-888B-E369084267FA"
          },
          {
            "criteria": "cpe:2.3:a:21degrees:symphony:1.5.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B6D10C3-F68F-4366-9594-BD338A33F8DF"
          },
          {
            "criteria": "cpe:2.3:a:21degrees:symphony:1.5.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C42DFAF4-F81A-467C-AD4D-1095E7A932EF"
          },
          {
            "criteria": "cpe:2.3:a:21degrees:symphony:1.6.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48BE3B5E-72F6-4FA1-B976-0FD59EB6FFC8"
          },
          {
            "criteria": "cpe:2.3:a:21degrees:symphony:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90B1FA15-86CB-4C11-85EC-20C6A5529827"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References