Description

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

Remediation

References

CVE-2019-10910

Related Vulnerabilities

WordPress Plugin Gallery-Video Gallery and Youtube Gallery SQL Injection (2.0.9)

WordPress Plugin Quick Page/Post Redirect Cross-Site Request Forgery (5.0.4)

MySQL CVE-2021-35631 Vulnerability (CVE-2021-35631)

Django Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2026-25674)

WordPress Plugin Advance Search for WooCommerce Cross-Site Scripting (1.0.9)

Severity

Critical

Classification

CVE-2019-10910 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities