CVE-2008-1066

Name of the Vulnerable Software and Affected Versions Smarty versions prior to 2.6.19

Description The issue concerns multiple vulnerabilities in the Smarty package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the modifier.regex replace.php plugin in Smarty allows attackers to call arbitrary PHP functions via templates by utilizing a '0' character in a search string.

Recommendations For versions prior to 2.6.19, update to version 2.6.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the modifier.regex replace.php plugin until a patch is available. Avoid using the search string parameter in the affected plugin to minimize the risk of exploitation.