CVE-2010-3457
Symphony CMS 2.0.7 and 2.1.1 - Cross-Site Scripting via Website Field or Recipient Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-3457. PoCs published by JosS.
AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in Symphony CMS 2.0.7, including SQL injection, XSS, and cookie manipulation via POST parameters. The PoC provides specific payloads for each vulnerability type.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.