← back
CVE-2017-7694

CVE-2017-7694

EPSS 4.4%
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/symphonycms/symphony-2/commit/e30a18f8f09dca836e141bf126a26e565c9a2bc7https://github.com/symphonycms/symphony-2/issues/2655http://www.math1as.com/symphonycms_2.7_exec.txthttp://www.securityfocus.com/bid/97594