Vulnerability Information
Vulnerability Title
Command execution hijack on Windows with Process class in symfony/process
Vulnerability Description
Symfony Process is a module for the Symfony PHP framework that executes commands in sub-processes. On Windows, when an executable file named `cmd.exe` is located in the current working directory, it will be called by the `Process` class when preparing command arguments, leading to possible hijacking. This issue has been addressed in release versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Vulnerability Type
Improper neutralization of special elements used in a command (command injection)
Vulnerability Title
Symfony command injection vulnerability
Vulnerability Description
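Symfony is a PHP framework for web and console applications, together with a set of reusable PHP components, from the company Symfony. Symfony has a command injection vulnerability: when an executable file named cmd.exe is present in the current working directory, hijacking may result.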
CVSS Information
N/A
Vulnerability Type
N/A