CVE-2008-4810

Опубликовано: 31 окт. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:smarty:smarty:1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.0a:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.0b:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.9:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.10:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.11:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.12:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.13:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.14:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.15:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.16:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.17:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.18:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01407

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2008-4810

ubuntu

больше 17 лет назад

CVE-2008-4810

debian

больше 17 лет назад

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...

GHSA-c7vg-7rfq-795p

github

больше 3 лет назад

EPSS

Процентиль: 80%

0.01407

Низкий

7.5 High

CVSS2

Дефекты

CWE-94