{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T04:49:22.253","vulnerabilities":[{"cve":{"id":"CVE-2013-2559","sourceIdentifier":"cve@mitre.org","published":"2014-03-27T16:55:05.537","lastModified":"2026-06-16T23:53:38.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/.  NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en Symphony CMS anterior a 2.3.2 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro sort hacia system/authors/.  NOTA: esto puede ser aprovechado mediante el uso de CSRF para permitir a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.1","matchCriteriaId":"6C440112-0B21-4832-A89C-1A343B627039"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.0:*:*:*:*:*:*:*","matchCriteriaId":"254956B4-E86A-429C-A8E6-0ABA833A9DB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"13379528-0C53-474F-B2E7-D5650C7F5F3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"8865CA96-3DF6-4499-8CEC-59977CC86FEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"570A8AE5-E4A6-4400-982C-F725D15E35ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"EB2D9ACA-2A2A-4169-A8AC-ED259921E24B"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"394B8CA2-4C11-4C2C-8BFE-C2BADA341502"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"C9D49697-497A-44EC-892B-DB8C5545AFE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C922F66F-8E3D-404C-95B7-C57DA8DDC162"},{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:2.3:*:*:*:*:*:*:*","matchCriteriaId":"DF41854C-206A-4BCF-B6FD-55253E3BC0AF"}]}]}],"references":[{"url":"http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.getsymphony.com/download/releases/version/2.3.2","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/58843","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/83227","source":"cve@mitre.org"},{"url":"https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468","source":"cve@mitre.org","tags":["Exploit","Patch"]},{"url":"https://www.htbridge.com/advisory/HTB23148","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://archives.neohapsis.com/archives/bugtraq/2013-04/0018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.getsymphony.com/download/releases/version/2.3.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/58843","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/83227","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/symphonycms/symphony-2/commit/6c8aa4e9c810994f7632837487426867ce50f468","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]},{"url":"https://www.htbridge.com/advisory/HTB23148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}}]}