7.5
CVSSv2

CVE-2008-4810

Published: 31/10/2008 Updated: 08/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote malicious users to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.

Vulnerable Product

smarty smarty 2.6.0

smarty smarty 2.4.0

smarty smarty 2.3.1

smarty smarty 1.5.1

smarty smarty 1.5.0

smarty smarty 1.4.0

smarty smarty 1.2.0

smarty smarty 1.1.0

smarty smarty 1.0b

smarty smarty 2.6.7

smarty smarty 2.6.9

smarty smarty 2.6.11

smarty smarty 2.6.12

smarty smarty 2.5.0

smarty smarty 2.3.0

smarty smarty 2.2.0

smarty smarty 2.1.1

smarty smarty 1.4.6

smarty smarty 1.4.5

smarty smarty 1.3.2

smarty smarty 1.0a

smarty smarty 1.0

smarty smarty 2.6.18

smarty smarty 2.6.3

smarty smarty 2.6.13

smarty smarty 2.6.14

smarty smarty 2.1.0

smarty smarty 2.0.1

smarty smarty 1.4.4

smarty smarty 1.4.3

smarty smarty 1.3.1

smarty smarty 1.3.0

smarty smarty 2.6.1

smarty smarty 2.6.10

smarty smarty 2.6.4

smarty smarty 2.6.5

smarty smarty 2.6.15

smarty smarty 2.6.16

smarty smarty 2.4.2

smarty smarty 2.4.1

smarty smarty 2.0.0

smarty smarty 1.5.2

smarty smarty 1.4.2

smarty smarty 1.4.1

smarty smarty 1.2.2

smarty smarty 1.2.1

smarty smarty 2.6.17

smarty smarty 2.6.2

smarty smarty 2.6.6

Vendor Advisories

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user (CVE-2007-3215) ...
Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution. Various cross site scripting issues in the Moodle codebase (CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432, MSA-08-0021, MDL-884 ...
Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810: The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669: The sma ...