CVE-2014-8350

Опубликовано: 03 нояб. 2014

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*

Версия до 3.1.20 (включая)

cpe:2.3:a:smarty:smarty:1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.0a:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.0b:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.4.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.3.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.3.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.4.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.7:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.9:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.10:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.11:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.12:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.13:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.14:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.15:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.16:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.17:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.18:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.20:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.22:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.24:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.25:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:2.6.26:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:beta6:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:beta7:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:beta8:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.0:rc4:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1:rc1:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.9:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.11:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.12:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.13:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.14:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.15:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.16:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.17:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.18:*:*:*:*:*:*:*

cpe:2.3:a:smarty:smarty:3.1.19:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00473

Низкий

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

CVE-2014-8350

ubuntu

больше 11 лет назад

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

CVE-2014-8350

debian

больше 11 лет назад

Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...

GHSA-2pmx-6mm6-6v72

github

больше 3 лет назад

Smarty arbitrary PHP code execution

EPSS

Процентиль: 64%

0.00473

Низкий

7.5 High

CVSS2

Дефекты

CWE-94