Vulnerability Description
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Getsymphony | Symphony | <= 2.6.9 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95689 (Third Party Advisory, VDB Entry)
- https://github.com/symphonycms/symphony-2/issues/2639 (VDB Entry)
- https://github.com/symphonycms/symphony-2/releases/tag/2.6.10 (Release Notes)
FAQ
What is CVE-2017-5541?
CVE-2017-5541 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder ...
How severe is CVE-2017-5541?
CVE-2017-5541 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-5541?
Check the references section above for vendor advisories and patch information. Affected products include: Getsymphony Symphony.