CVE-2008-4811

Опубликовано: 31 окт. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*

Версия до 2.6.20 (включая)

cpe:2.3:a:smarty:smarty:1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.0a:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.0b:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.9:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.10:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.11:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.12:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.13:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.14:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.15:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.16:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.17:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.18:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01003

Низкий

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2008-4811

ubuntu

больше 17 лет назад

CVE-2008-4811

debian

больше 17 лет назад

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...

GHSA-w343-xc9v-r5ww

github

больше 3 лет назад

EPSS

Процентиль: 77%

0.01003

Низкий

7.5 High

CVSS2

Дефекты

CWE-264