An application is vulnerable when:
- It is using PDOSessionHandler to store its sessions;
- And it uses MySQL as a backend for sessions managed by PDOSessionHandler;
- And the SQL mode does not contain STRICT_ALL_TABLES or STRICT_TRANS_TABLES (check via SELECT @@sql_mode).
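
The third condition can be checked per scope, as in the following added example (not part of the original advisory). It assumes a MySQL session opened with the same account and connection options the application uses for its session storage, since the session value can differ from the global one.

```sql
-- Added example, not from the advisory.
-- @@sql_mode without a scope qualifier returns the SESSION value, so both
-- scopes are read explicitly here.
SELECT
    @@GLOBAL.sql_mode  AS global_sql_mode,
    @@SESSION.sql_mode AS session_sql_mode,
    (FIND_IN_SET('STRICT_ALL_TABLES',   @@GLOBAL.sql_mode) > 0
     OR FIND_IN_SET('STRICT_TRANS_TABLES', @@GLOBAL.sql_mode) > 0)  AS global_is_strict,
    (FIND_IN_SET('STRICT_ALL_TABLES',   @@SESSION.sql_mode) > 0
     OR FIND_IN_SET('STRICT_TRANS_TABLES', @@SESSION.sql_mode) > 0) AS session_is_strict;

-- session_is_strict = 0 means the third condition above holds for this
-- connection. global_is_strict = 0 means new connections start without a
-- strict mode unless the client sets one itself.

-- Add a strict mode to the global value while keeping the modes already set.
-- NULLIF/CONCAT_WS avoid a leading comma when the current mode is empty.
SET GLOBAL sql_mode = CONCAT_WS(',', NULLIF(@@GLOBAL.sql_mode, ''), 'STRICT_TRANS_TABLES');

-- SET GLOBAL only affects connections opened afterwards and is lost on
-- restart unless sql_mode is also set in the server configuration file.
-- Already-open (e.g. persistent) connections keep their session value.
```
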
POC:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44768.tgz