Lucene search

[email protected]NVD:CVE-2008-1066

HistoryFeb 28, 2008 - 8:44 p.m.

CVE-2008-1066

2008-02-2820:44:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.019

Percentile

88.8%

JSON

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a ‘\0’ character in a search string.

Affected configurations

NVD

Node

smartysmartyRange≤2.6.18

References

blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html

secunia.com/advisories/29241

secunia.com/advisories/29392

secunia.com/advisories/29398

secunia.com/advisories/29405

secunia.com/advisories/29562

secunia.com/advisories/29839

security.gentoo.org/glsa/glsa-201111-04.xml

www.debian.org/security/2008/dsa-1520

www.phpinsider.com/smarty-forum/viewtopic.php?p=47652

www.securityfocus.com/bid/28105

www.smarty.net/misc/NEWS

exchange.xforce.ibmcloud.com/vulnerabilities/41002

www.redhat.com/archives/fedora-package-announce/2008-April/msg00298.html

www.redhat.com/archives/fedora-package-announce/2008-April/msg00358.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00551.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.019

Percentile

88.8%

JSON

Related for NVD:CVE-2008-1066

fedora3 openvas12 securityvulns3 nessus7 altlinux2 prion1 ubuntucve1 gentoo2 cvelist1 cve1 debian1 redhatcve1