CVE-2017-7694

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-7694

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7694.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7694

Published

2017-04-11T23:59:00.203Z

Modified

2026-04-10T04:00:59.807376Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.

References

Affected packages

Git / github.com/symphonycms/symphonycms

Affected ranges

Type

GIT

Repo

https://github.com/symphonycms/symphonycms

Events

Introduced

Last affected

dba6406087cb72e824b3f01d710cd52da3afaa26

Fixed

e30a18f8f09dca836e141bf126a26e565c9a2bc7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.11"
        }
    ]
}

Affected versions

2.*

2.0

2.0.1

2.0.2

2.0.4

2.0.7

2.0.7RC1

2.0.7RC2

2.0.7beta

2.1.2

2.2

2.2.2

2.2.3

2.2.4

2.2.5

2.3

2.3.1

2.3.1RC1

2.3.1RC2

2.3.1RC3

2.3.1beta1

2.3.1beta2

2.3.2

2.3.2RC1

2.3.2RC2

2.3.2beta1

2.3.2beta2

2.3.3

2.3.3RC1

2.3.3RC2

2.3.3RC3

2.3.3beta1

2.3.3beta2

2.3.3beta3

2.3.4

2.3.4RC1

2.3.4beta1

2.3.4beta2

2.3.5

2.3.5RC1

2.3.5beta1

2.3.6

2.3RC2

2.3RC3

2.3RC4

2.3beta1

2.3beta2

2.3beta3

2.4

2.4RC1

2.4RC2

2.4beta1

2.4beta3

2.5.0

2.5.1

2.5.2

2.5.2-beta.1

2.5.2-rc.1

2.6.0

2.6.0-beta.1

2.6.0-beta.2

2.6.0-rc.1

2.6.1

2.6.10

2.6.11

2.6.2

2.6.3

2.6.4

2.6.5

2.6.6

2.6.7

2.6.8

2.6.9

Other

rev5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7694.json"