PT-2008-6021 · Smarty · Smarty

Robert Buchholz

Published

2008-10-31

Updated

2017-08-08

CVE-2008-4811

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Smarty versions 2.6.20 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via vectors related to templates and a backslash before a dollar-sign character in the expand quoted text function.

Recommendations For versions 2.6.20 and earlier, update to a version later than 2.6.20 to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-4811

DSA-1691-1

Affected Products

Smarty

PT-2008-6021 · Smarty · Smarty

CVE-2008-4811

Weakness Enumeration

Related Identifiers

Affected Products

References · 8