Remote Code Execution Vulnerability in Symphony CMS 2.6.11: Execution of Arbitrary PHP Code via Datasource and Event Editors

Remote Code Execution Vulnerability in Symphony CMS 2.6.11: Execution of Arbitrary PHP Code via Datasource and Event Editors

CVE-2017-7694 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.

Learn more about our Web App Pen Testing.