Nicolas Brassard

3 exploits Active since Apr 2017
CVE-2017-7694 WRITEUP HIGH WRITEUP
Symphony CMS <2.6.11 - Authenticated RCE
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.
CVSS 8.8
CVE-2017-8876 WRITEUP MEDIUM WRITEUP
Symphony 2 <2.6.11 - XSS
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
CVSS 6.1
CVE-2018-12043 WRITEUP MEDIUM WRITEUP
Symphony 2.7.6 - XSS
content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.
CVSS 6.1