Symphony CMS CVE-2017-7694 Remote Code Execution Vulnerability

Symphony CMS is prone to a remote code-execution vulnerability.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.

Symphony CMS 2.6.11 and prior versions are vulnerable.

Information

Bugtraq ID: 97594
Class: Unknown
CVE: CVE-2017-7694

Remote: Yes
Local: No
Published: Apr 11 2017 12:00AM
Updated: Apr 12 2017 09:03PM
Credit: math1as
Vulnerable: Symphony-Cms Symphony-Cms 2.6.11
Symphony-Cms Symphony Cms 2.6.7
Symphony-Cms Symphony Cms 2.6.5
Symphony-Cms Symphony Cms 2.6.4
Symphony-Cms Symphony Cms 2.1
Symphony-Cms Symphony Cms 2.0.7
Symphony-Cms Symphony Cms 2.6.3
Symphony-Cms Symphony Cms 2.6.10
Symphony-Cms Symphony Cms 2.3.2
Symphony-Cms Symphony Cms 2.3.1
Symphony-Cms Symphony Cms 2.3.0
Symphony-Cms Symphony Cms 2.1.1
Symphony-Cms Symphony Cms 2.0.6
Symphony-Cms Symphony Cms 2.0.5
Symphony-Cms Symphony Cms 2.0.4
Symphony-Cms Symphony Cms 2.0.3
Symphony-Cms Symphony Cms 2.0

Not Vulnerable:

References:

• Fix remote code execution by auth'd users (symphonycms)
  
• security bug Reported #2655 (symphonycms)
  
• Symphony Homepage (Symphony)
  

Source: www.securityfocus.com