1. 5
    Secret fragments: Remote code execution on Symfony based websites php security ambionics.io
    jvoisin avatar via jvoisin 4 months ago | cached | 1 comment

  1.  

  2. 1
    yumaikas avatar yumaikas 4 months ago | link

    Why is arbitrary code execution (even if it’s HMAC signed), an allowed thing in Symfony based websites? Why isn’t the code to be executed whitelisted against a list of controllers or the like?