CVE-2008-3591

Description

SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.

Affected products

• 21degrees / symphony1.7.01
• 21degrees / symphony1.1 – 1.1
• 21degrees / symphony1.5 – 1.5
• 21degrees / symphony1.5.05 – 1.5.05
• 21degrees / symphony1.5.06 – 1.5.06
• 21degrees / symphony1.6.02 – 1.6.02
• 21degrees / symphony1.7 – 1.7

References

• EXPLOIThttps://www.exploit-db.com/exploits/6177
• MISChttp://securityreason.com/securityalert/4137
• MISChttp://www.securityfocus.com/bid/30477
• VENDOR_ADVISORYhttp://secunia.com/advisories/31293
• MISChttp://overture21.com/forum/comments.php?DiscussionID=1823