CVE-2024-51736

CVSS 3.1 Score 0.0 of 10 (low)

Details

Published Nov 6, 2024

CWE ID 77

Summary

CVE-2024-51736 is a vulnerability affecting the Symphony process module in the Symphony PHP framework. On Windows systems, this issue arises when the `cmd.exe` executable is present in the current working directory and is inadvertently invoked by the `Process` class during command argument preparation. This vulnerability can potentially result in hijacking. Users are recommended to upgrade to release versions 5.4.46, 6.4.14, or 7.1.7 to mitigate this risk. Unfortunately, there are currently no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0DTjm_
https://www.cve.org/CVERecord?id=CVE-2024-51736
https://nvd.nist.gov/vuln/detail/CVE-2024-51736

Back to Vulnerability Database

CVE-2024-51736

CVSS 3.1 Score 0.0 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations