CVE-2011-4340

Symphony CMS < 2.2.4 - Authenticated Cross-Site Scripting via Profile or Filter Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4340. PoCs published by Mesut Timur.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in Symphony CMS versions prior to 2.2.4. It includes a sample XSS payload but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mesut Timur · textwebappsphp

https://www.exploit-db.com/exploits/36280

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in Symphony CMS versions prior to 2.2.4. It includes a sample XSS payload but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Symphony CMS < 2.2.4

No auth needed

Prerequisites: Access to a vulnerable Symphony CMS instance

MITRE ATT&CK