CVE-2008-1066

Published: 28/02/2008 | Updated: 08/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The modifier.regex_replace.php plugin in Smarty prior to 2.6.19, as used by Serendipity (S9Y) and other products, allows malicious users to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

Vulnerable Product

smarty smarty

Vendor Advisories

It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string. For the old stable distribution (sarge), this problem has been fixed in version 269-1sarge1. For the stable distribution (etch), this proble ...