CVSS 3.1 Score 6.8 of 10 (medium)


Published Mar 6, 2024
CWE ID 863


CVE-2024-27915 is a vulnerability in the Sulu PHP content management system. Versions 2.2.0 and prior to 2.4.17 and 2.5.13 allow access to pages regardless of role permissions for webspaces with a security system configured and permission check enabled. Webspaces without this configuration are not affected. The issue is patched in versions 2.4.17 and 2.5.13, but workarounds are also available, such as manually applying the patch or avoiding installation of certain versions of symfony/security-http. This vulnerability poses a medium risk with a base severity score of 6.8, potentially impacting integrity and confidentiality of affected organizations' systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-27915 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options