Lucene search
HistoryOct 31, 2008 - 6:09 p.m.
CVE-2008-4811
cve-2008-4811
remote code execution
smarty
security vulnerability
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.012
Percentile
85.1%
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
Affected configurations
Node
smartysmartyRange≤2.6.20
ORsmartysmartyMatch1.0
ORsmartysmartyMatch1.0a
ORsmartysmartyMatch1.0b
ORsmartysmartyMatch1.1.0
ORsmartysmartyMatch1.2.0
ORsmartysmartyMatch1.2.1
ORsmartysmartyMatch1.2.2
ORsmartysmartyMatch1.3.0
ORsmartysmartyMatch1.3.1
ORsmartysmartyMatch1.3.2
ORsmartysmartyMatch1.4.0
ORsmartysmartyMatch1.4.0b1
ORsmartysmartyMatch1.4.0b2
ORsmartysmartyMatch1.4.1
ORsmartysmartyMatch1.4.2
ORsmartysmartyMatch1.4.3
ORsmartysmartyMatch1.4.4
ORsmartysmartyMatch1.4.5
ORsmartysmartyMatch1.4.6
ORsmartysmartyMatch1.5.0
ORsmartysmartyMatch1.5.1
ORsmartysmartyMatch1.5.2
ORsmartysmartyMatch2.0.0
ORsmartysmartyMatch2.0.1
ORsmartysmartyMatch2.1.0
ORsmartysmartyMatch2.1.1
ORsmartysmartyMatch2.2.0
ORsmartysmartyMatch2.3.0
ORsmartysmartyMatch2.3.1
ORsmartysmartyMatch2.4.0
ORsmartysmartyMatch2.4.1
ORsmartysmartyMatch2.4.2
ORsmartysmartyMatch2.5.0
ORsmartysmartyMatch2.5.0rc1
ORsmartysmartyMatch2.5.0rc2
ORsmartysmartyMatch2.6.0
ORsmartysmartyMatch2.6.0rc1
ORsmartysmartyMatch2.6.0rc2
ORsmartysmartyMatch2.6.0rc3
ORsmartysmartyMatch2.6.1
ORsmartysmartyMatch2.6.2
ORsmartysmartyMatch2.6.3
ORsmartysmartyMatch2.6.4
ORsmartysmartyMatch2.6.5
ORsmartysmartyMatch2.6.6
ORsmartysmartyMatch2.6.7
ORsmartysmartyMatch2.6.9
ORsmartysmartyMatch2.6.10
ORsmartysmartyMatch2.6.11
ORsmartysmartyMatch2.6.12
ORsmartysmartyMatch2.6.13
ORsmartysmartyMatch2.6.14
ORsmartysmartyMatch2.6.15
ORsmartysmartyMatch2.6.16
ORsmartysmartyMatch2.6.17
ORsmartysmartyMatch2.6.18
| Vendor | Product | Version | CPE |
|---|---|---|---|
| smarty | smarty | 1.5.2 | cpe:/a:smarty:smarty:1.5.2::: |
| smarty | smarty | 2.4.1 | cpe:/a:smarty:smarty:2.4.1::: |
| smarty | smarty | 2.5.0 | cpe:/a:smarty:smarty:2.5.0:rc1:: |
| smarty | smarty | 2.6.1 | cpe:/a:smarty:smarty:2.6.1::: |
| smarty | smarty | 2.6.14 | cpe:/a:smarty:smarty:2.6.14::: |
| smarty | smarty | 1.0a | cpe:/a:smarty:smarty:1.0a::: |
| smarty | smarty | 2.4.0 | cpe:/a:smarty:smarty:2.4.0::: |
| smarty | smarty | 2.6.7 | cpe:/a:smarty:smarty:2.6.7::: |
| smarty | smarty | 1.4.4 | cpe:/a:smarty:smarty:1.4.4::: |
| smarty | smarty | 2.6.0 | cpe:/a:smarty:smarty:2.6.0::: |
Related
openvas
openvas
Fedora Update for php-Smarty FEDORA-2008-9401
2009-02-17 00:00:00
Fedora Update for php-Smarty FEDORA-2008-9420
2009-02-17 00:00:00
Fedora Update for php-Smarty FEDORA-2008-10409
2009-02-16 00:00:00
nessus
nessus
Fedora 8 : php-Smarty-2.6.20-2.fc8 (2008-9401)
2008-11-07 00:00:00
Fedora 10 : php-Smarty-2.6.20-2.fc10 (2008-10409)
2009-04-23 00:00:00
Fedora 9 : php-Smarty-2.6.20-2.fc9 (2008-9420)
2008-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2008-4811
2008-10-31 00:00:00
cvelist
cvelist
CVE-2008-4811
2008-10-31 17:18:00
fedora
fedora
[SECURITY] Fedora 8 Update: php-Smarty-2.6.20-2.fc8
2008-11-07 02:50:20
[SECURITY] Fedora 10 Update: php-Smarty-2.6.20-2.fc10
2008-11-26 06:25:03
[SECURITY] Fedora 9 Update: php-Smarty-2.6.20-2.fc9
2008-11-07 02:52:04
prion
prion
Code injection
2008-10-31 18:09:00
redhatcve
redhatcve
CVE-2008-4811
2019-10-04 20:37:34
nvd
nvd
CVE-2008-4811
2008-10-31 18:09:08
altlinux
altlinux
Security fix for the ALT Linux 6 package smarty version 2.6.22-alt1
2009-01-27 00:00:00
Security fix for the ALT Linux 7 package smarty version 2.6.22-alt1
2009-01-27 00:00:00
gentoo
gentoo
Smarty: Multiple vulnerabilities
2010-06-02 00:00:00
debian
debian
[SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities
2008-12-22 08:27:17
osv
osv
moodle - several vulnerabilities
2008-12-22 00:00:00
ubuntu
ubuntu
Moodle vulnerabilities
2009-06-24 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.012
Percentile
85.1%
Related for CVE-2008-4811