CVE-2012-5574
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
18/12/2012
Last modified:
11/04/2025
Description
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* | 1.4.19 (including) | |
| cpe:2.3:a:sensiolabs:symfony:1.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sensiolabs:symfony:1.4.11:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093698.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093920.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093922.html
- http://secunia.com/advisories/51372
- http://symfony.com/blog/security-release-symfony-1-4-20-released
- http://trac.symfony-project.org/changeset/33598
- http://www.openwall.com/lists/oss-security/2012/11/26/12
- http://www.osvdb.org/87869
- http://www.securityfocus.com/bid/56685
- https://bugs.gentoo.org/show_bug.cgi?id=444696
- https://bugzilla.redhat.com/show_bug.cgi?id=880240
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80309
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093698.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093920.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/093922.html
- http://secunia.com/advisories/51372
- http://symfony.com/blog/security-release-symfony-1-4-20-released
- http://trac.symfony-project.org/changeset/33598
- http://www.openwall.com/lists/oss-security/2012/11/26/12
- http://www.osvdb.org/87869
- http://www.securityfocus.com/bid/56685
- https://bugs.gentoo.org/show_bug.cgi?id=444696
- https://bugzilla.redhat.com/show_bug.cgi?id=880240
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80309