Adding another Symfony RCE gadget chain (CVE-2024-28861). This one is more powerful, since it covers all versions from 1.1 to 1.5, with no breaking changes.
A release of Symfony 1.5 has been done today (1.5.19) with the fix.
Also added the CVE number for the previous Symfony/RCE/12 chain in the information.
Adding another Symfony RCE gadget chain (CVE-2024-28861). This one is more powerful, since it covers all versions from 1.1 to 1.5, with no breaking changes. A release of Symfony 1.5 has been done today (1.5.19) with the fix.
Also added the CVE number for the previous Symfony/RCE/12 chain in the information.