Vulnerability in Sensiolabs Symfony
CVE-2012-5574
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
EPSS: 0.004 (61.6th percentile) — read the EPSS interpretation.
Affected products
- Sensiolabs Symfony — versions 1.4.0, 1.4.1, 1.4.2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_MISC)
- FEDORA-2012-19235 (x_refsource_FEDORA, vendor-advisory)
- FEDORA-2012-19076 (x_refsource_FEDORA, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- 56685 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (Exploit, x_refsource_MISC)
- 87869 (x_refsource_OSVDB, vdb-entry)
- FEDORA-2012-19195 (x_refsource_FEDORA, vendor-advisory)
- 51372 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- symfony-unspecified-information-disclosure(80309) (vdb-entry, x_refsource_XF)