SQL Injection in Symphony

Description
  • An SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. This vulnerability can also be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Remediation
  • Upgrade to the latest version of Symphony.
References