CVE-2012-5574

lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.

Date published : 2012-12-17

http://www.securityfocus.com/bid/56685

http://symfony.com/blog/security-release-symfony-1-4-20-released