Vulnerabilities > Sensiolabs

DATE CVE VULNERABILITY TITLE RISK
2019-05-23 CVE-2017-11365 Improper Access Control vulnerability in Sensiolabs Symfony
Certain Symfony products are affected by: Incorrect Access Control.
network
low complexity
sensiolabs CWE-284
critical
9.8
2019-05-16 CVE-2019-10913 SQL Injection vulnerability in Sensiolabs Symfony
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, HTTP Methods provided as verbs or using the override header may be treated as trusted input, but they are not validated, possibly causing SQL injection or XSS.
network
low complexity
sensiolabs CWE-89
critical
9.8
2019-05-16 CVE-2019-10912 Deserialization of Untrusted Data vulnerability in Sensiolabs Symfony
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input.
network
low complexity
sensiolabs CWE-502
7.1
2019-05-16 CVE-2019-10911 Improper Authentication vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled.
network
high complexity
sensiolabs drupal CWE-287
7.5
2019-05-16 CVE-2019-10910 SQL Injection vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution.
network
low complexity
sensiolabs drupal CWE-89
critical
9.8
2019-05-16 CVE-2019-10909 Cross-site Scripting vulnerability in multiple products
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included.
network
low complexity
sensiolabs drupal CWE-79
5.4
2018-12-18 CVE-2018-19790 Open Redirect vulnerability in multiple products
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1.
network
low complexity
sensiolabs fedoraproject debian CWE-601
6.1
2018-12-18 CVE-2018-19789 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1.
network
low complexity
sensiolabs debian CWE-434
5.3
2018-08-06 CVE-2017-16790 Improper Input Validation vulnerability in multiple products
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5.
network
low complexity
sensiolabs debian CWE-20
6.5
2018-08-06 CVE-2017-16654 Path Traversal vulnerability in multiple products
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5.
network
low complexity
sensiolabs debian CWE-22
7.5