CVE-2015-7809

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
06/11/2015
Last modified:
12/04/2025

Description

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:* 1.19.0 (including)