Description
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge · text · webapps · php
https://www.exploit-db.com/exploits/39136
References (2)
Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23148
Scores
EPSS: 0.0027
EPSS Percentile: 50.5%
Details
CWE: CWE-352
Status: published
Products (10)
getsymphony/symphony 2.0
getsymphony/symphony 2.0.3
getsymphony/symphony 2.0.4
getsymphony/symphony 2.0.5
getsymphony/symphony 2.0.6
getsymphony/symphony 2.0.7
getsymphony/symphony 2.1.0
getsymphony/symphony 2.1.1
getsymphony/symphony 2.3
getsymphony/symphony < 2.3.1
Published: Mar 27, 2014
Tracked Since: Feb 18, 2026