Join GitHub today
File Manipulation and Cross Site Scripting in usererror.missing_extension.php #2639
Data from $_POST is passed directly into filepath, attacker may control filepath with injecting
Cross Site Scripting
Here data from
Thank you for reporting @Xyntax.
If you ever discover of security bugs. please follow our disclosure policy: https://github.com/symphonycms/symphony-2/wiki/Security-Bug-Disclosure