CVE-2017-7694
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-7694
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7694.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-7694
- Published
- 2017-04-11T23:59:00Z
- Modified
- 2025-07-01T23:35:45.409899Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.
- References
Affected packages
Git / github.com/symphonycms/symphony-2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/symphonycms/symphony-2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Type
- GIT
- Repo
- https://github.com/symphonycms/symphonycms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.7RC1
2.0.7RC2
2.0.7beta
2.1.0
2.1.1
2.1.2
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.5RC1
2.3
2.3.1
2.3.1RC1
2.3.1RC2
2.3.1RC3
2.3.1beta1
2.3.1beta2
2.3.2
2.3.2RC1
2.3.2RC2
2.3.2beta1
2.3.2beta2
2.3.3
2.3.3RC1
2.3.3RC2
2.3.3RC3
2.3.3beta1
2.3.3beta2
2.3.3beta3
2.3.4
2.3.4RC1
2.3.4beta1
2.3.4beta2
2.3.5
2.3.5RC1
2.3.5beta1
2.3.6
2.3RC2
2.3RC3
2.3RC4
2.3beta1
2.3beta2
2.3beta3
2.4
2.4RC1
2.4RC2
2.4beta1
2.4beta2
2.4beta3
2.5.0
2.5.0-rc.2
2.5.0RC1
2.5.0beta2
2.5.1
2.5.2
2.5.2-beta.1
2.5.2-rc.1
2.5.3
2.5.3-rc.1
2.6.0
2.6.0-beta.1
2.6.0-beta.2
2.6.0-rc.1
2.6.1
2.6.10
2.6.11
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
Other
rev5