SQL Injection and Remote Code Execution Vulnerability in Symfony Dependency Injection

SQL Injection and Remote Code Execution Vulnerability in Symfony Dependency Injection

CVE-2019-10910 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.