CVE-2017-1000480

Published: 03/01/2018 Updated: 04/02/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Smarty 3 prior to 3.1.32 is vulnerable to PHP code injection when the fetch() or display() functions are called on custom resources that do not sanitize the template name.

Vulnerable Product

smarty smarty

Vendor Advisories

Debian Bug report logs - #886460: smarty3: CVE-2017-1000480. Package: src:smarty3; Maintainer for src:smarty3 is Mike Gabriel <sunweaver@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 6 Jan 2018 10:45:01 UTC; Severity: important; Tags: security, upstream; Found in version smarty3/3.1.31+20 ...

It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. For the oldstable distribution (jessie), this problem has been fixed in version 3.1.21-1+deb8u1. For the stable distribution (str ...