Approved changes feed: RSS · Atom

cpe:2.3:a:21degrees:symphony:1.5:*:*:*:*:*:*:*

part: a version: 1.5 update: *

Vendor21Degrees (14811ce2-2c92-5753-8e19-a16256d23391)
ProductSymphony (5a7a04b0-678f-52e0-a6ab-7a487514e4c1)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2008-3592 vulnerable 2026-06-08 04:50:35.521255 Details available
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
Published: 2008-08-11T23:00:00.000Z
Updated: 2024-08-07T09:45:18.963Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2008-3591 vulnerable 2026-06-08 04:50:35.517525 Details available
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
Published: 2008-08-11T23:00:00.000Z
Updated: 2024-08-07T09:45:18.959Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.