CVE-2015-2308
N/A
N/A
Summary
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://symfony.com/blog/cve-2015-2308-esi-code-injection
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089
- http://jvn.jp/en/jp/JVN19578958/index.html
- http://www.securityfocus.com/bid/75357
References
- https://symfony.com/blog/cve-2015-2308-esi-code-injection
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089
- http://jvn.jp/en/jp/JVN19578958/index.html
- http://www.securityfocus.com/bid/75357
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.