CVE-2024-51736 – Symphony process is a module for the Symphony PHP framework which executes commands in …

6 November 2024

Vuln ID: CVE-2024-51736

Published: 2024-11-06 21:15:06.600

Description: Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Base Score: 0 – NONE

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Source: NVD.NIST.GOV

Date:

6 November 2024

Categorie(s):

NVD

Tag(s):

NVD

Smashing Security podcast #392: Pasta spies and private eyes, and are you applying for a ghost job?7 November 2024
Rapid7’s revenue and earnings top forecasts amid product enhancements7 November 2024
Google Cloud mandates MFA by end of 20256 November 2024
AI-Assisted Attacks Top Cyber Threat For Third Consecutive Quarter, Gartner Finds6 November 2024
Increasing Awareness of DNS Hijacking: A Growing Cyber Threat6 November 2024