PT-2011-1315 · Smarty · Smarty

Published

2011-02-03

Updated

2022-05-02

CVE-2009-5054

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Smarty versions prior to 3.0.0 beta 4

Description The issue allows attackers to bypass intended access restrictions via standard filesystem operations because it does not consider the umask value when setting the permissions of files.

Recommendations For versions prior to 3.0.0 beta 4, update to version 3.0.0 beta 4 or later to resolve the issue.

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281CWE-264

Related Identifiers

CVE-2009-5054

GHSA-6M9F-8VWQ-97PM

Affected Products

Smarty

PT-2011-1315 · Smarty · Smarty

CVE-2009-5054

Weakness Enumeration

Related Identifiers

Affected Products

References · 9