Search Results (Refine Search)
- CPE Product Version: cpe:/a:sensiolabs:symfony:1.4.0:rc1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-5574 |
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. Published: December 17, 2012; 8:55:06 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-2667 |
Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." Published: June 07, 2012; 3:55:09 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |