Vulnerabilities > Sensiolabs > Symfony > 1.4.6

DATE CVE VULNERABILITY TITLE RISK
2022-02-01 CVE-2022-23601 Cross-Site Request Forgery (CSRF) vulnerability in Sensiolabs Symfony
Symfony is a PHP framework for web and console applications and a set of reusable PHP components.
6.8
2018-07-20 CVE-2017-18343 Cross-site Scripting vulnerability in Sensiolabs Symfony
The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI.
network
low complexity
sensiolabs CWE-79
6.1
2016-06-01 CVE-2016-4423 Resource Management Errors vulnerability in multiple products
The attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.
network
low complexity
sensiolabs debian CWE-399
5.0
2016-06-01 CVE-2016-1902 Cryptographic Issues vulnerability in multiple products
The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
network
low complexity
debian sensiolabs CWE-310
5.0
2012-12-18 CVE-2012-5574 Permissions, Privileges, and Access Controls vulnerability in Sensiolabs Symfony
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
network
low complexity
sensiolabs CWE-264
5.0
2012-06-07 CVE-2012-2667 Unspecified vulnerability in Sensiolabs Symfony
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
network
sensiolabs
4.3