CVE-2017-7694
- Source
- https://cve.org/CVERecord?id=CVE-2017-7694
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7694.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-7694
- Published
- 2017-04-11T23:59:00.203Z
- Modified
- 2026-02-05T10:48:09.494161Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.
- References
-
- http://www.math1as.com/symphonycms_2.7_exec.txt
- http://www.securityfocus.com/bid/97594
- https://github.com/symphonycms/symphony-2/issues/2655
- https://github.com/symphonycms/symphony-2/commit/e30a18f8f09dca836e141bf126a26e565c9a2bc7
- https://github.com/symphonycms/symphony-2/issues/2655
- http://www.math1as.com/symphonycms_2.7_exec.txt
Affected packages
Git / github.com/symphonycms/symphony-2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/symphonycms/symphony-2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.7RC1
2.0.7RC2
2.0.7beta
2.1.0
2.1.1
2.1.2
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.5RC1
2.3
2.3.1
2.3.1RC1
2.3.1RC2
2.3.1RC3
2.3.1beta1
2.3.1beta2
2.3.2
2.3.2RC1
2.3.2RC2
2.3.2beta1
2.3.2beta2
2.3.3
2.3.3RC1
2.3.3RC2
2.3.3RC3
2.3.3beta1
2.3.3beta2
2.3.3beta3
2.3.4
2.3.4RC1
2.3.4beta1
2.3.4beta2
2.3.5
2.3.5RC1
2.3.5beta1
2.3.6
2.3RC2
2.3RC3
2.3RC4
2.3beta1
2.3beta2
2.3beta3
2.4
2.4RC1
2.4RC2
2.4beta1
2.4beta2
2.4beta3
2.5.0
2.5.0-rc.2
2.5.0RC1
2.5.0beta2
2.5.1
2.5.2
2.5.2-beta.1
2.5.2-rc.1
2.5.3
2.5.3-rc.1
2.6.0
2.6.0-beta.1
2.6.0-beta.2
2.6.0-rc.1
2.6.1
2.6.10
2.6.11
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
Other
rev5