CVE-2015-2308 Information

Description

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27 2.4.x and 2.5.x before 2.5.11 and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language=\php\ attribute of a SCRIPT element.

Reference

http://jvn.jp/en/jp/JVN19578958/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000089 http://www.securityfocus.com/bid/75357 https://symfony.com/blog/cve-2015-2308-esi-code-injection