Symphony CMS Vulnerable to XSS and SQL Injection Attacks

The latest version is not susceptible so an update can fix the issues

Nov 2, 2011 07:34 GMT · By Eduard Kovacs

The old versions of Symphony CMS are highly vulnerable

14 DAY TRIAL // JUST $1.00 Play Starfield, Forza Motorsport, and hundreds of other PC games for one low monthly price.

Researchers warn users that critical vulnerabilities were discovered in Symphony CMS 2.2.3, possibly affecting the previous versions.

Security Focus informs us that some variants of the XSLT-powered open source content management systems are affected by several XSS and SQL Injection weaknesses that could allow an attacker to execute dynamic scripts or to mount attacks such as reading, updating or deleting arbitrary data or tables from the database and executing commands.

Symphony users are advised to update the software to the latest version to make sure they're protected against malicious operations.

The flaws were discovered with Netsparker, a web application that tests websites for vulnerabilities that could leave them exposed in front of hackers.

Symphony CMS 2.2.4 is available for download

here

#Symphony CMS#XSS vulernability#SQL injection