Researchers warn users that critical vulnerabilities were discovered in Symphony CMS 2.2.3, possibly affecting the previous versions.
Security Focus informs us that some variants of the XSLT-powered open source content management systems are affected by several XSS and SQL Injection weaknesses that could allow an attacker to execute dynamic scripts or to mount attacks such as reading, updating or deleting arbitrary data or tables from the database and executing commands.
Symphony users are advised to update the software to the latest version to make sure they're protected against malicious operations.
The flaws were discovered with Netsparker, a web application that tests websites for vulnerabilities that could leave them exposed in front of hackers.
Symphony CMS 2.2.4 is available for download
here
Find us on Google+
