Lucene search
HistoryOct 31, 2008 - 6:09 p.m.
CVE-2008-4811
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.012
Percentile
85.1%
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
Affected configurations
Node
smartysmartyRange≤2.6.20
ORsmartysmartyMatch1.0
ORsmartysmartyMatch1.0a
ORsmartysmartyMatch1.0b
ORsmartysmartyMatch1.1.0
ORsmartysmartyMatch1.2.0
ORsmartysmartyMatch1.2.1
ORsmartysmartyMatch1.2.2
ORsmartysmartyMatch1.3.0
ORsmartysmartyMatch1.3.1
ORsmartysmartyMatch1.3.2
ORsmartysmartyMatch1.4.0
ORsmartysmartyMatch1.4.0b1
ORsmartysmartyMatch1.4.0b2
ORsmartysmartyMatch1.4.1
ORsmartysmartyMatch1.4.2
ORsmartysmartyMatch1.4.3
ORsmartysmartyMatch1.4.4
ORsmartysmartyMatch1.4.5
ORsmartysmartyMatch1.4.6
ORsmartysmartyMatch1.5.0
ORsmartysmartyMatch1.5.1
ORsmartysmartyMatch1.5.2
ORsmartysmartyMatch2.0.0
ORsmartysmartyMatch2.0.1
ORsmartysmartyMatch2.1.0
ORsmartysmartyMatch2.1.1
ORsmartysmartyMatch2.2.0
ORsmartysmartyMatch2.3.0
ORsmartysmartyMatch2.3.1
ORsmartysmartyMatch2.4.0
ORsmartysmartyMatch2.4.1
ORsmartysmartyMatch2.4.2
ORsmartysmartyMatch2.5.0
ORsmartysmartyMatch2.5.0rc1
ORsmartysmartyMatch2.5.0rc2
ORsmartysmartyMatch2.6.0
ORsmartysmartyMatch2.6.0rc1
ORsmartysmartyMatch2.6.0rc2
ORsmartysmartyMatch2.6.0rc3
ORsmartysmartyMatch2.6.1
ORsmartysmartyMatch2.6.2
ORsmartysmartyMatch2.6.3
ORsmartysmartyMatch2.6.4
ORsmartysmartyMatch2.6.5
ORsmartysmartyMatch2.6.6
ORsmartysmartyMatch2.6.7
ORsmartysmartyMatch2.6.9
ORsmartysmartyMatch2.6.10
ORsmartysmartyMatch2.6.11
ORsmartysmartyMatch2.6.12
ORsmartysmartyMatch2.6.13
ORsmartysmartyMatch2.6.14
ORsmartysmartyMatch2.6.15
ORsmartysmartyMatch2.6.16
ORsmartysmartyMatch2.6.17
ORsmartysmartyMatch2.6.18
Related
openvas
openvas
Fedora Update for php-Smarty FEDORA-2008-9401
2009-02-17 00:00:00
Fedora Update for php-Smarty FEDORA-2008-9420
2009-02-17 00:00:00
Fedora Update for php-Smarty FEDORA-2008-10409
2009-02-16 00:00:00
cvelist
cvelist
CVE-2008-4811
2008-10-31 17:18:00
fedora
fedora
[SECURITY] Fedora 8 Update: php-Smarty-2.6.20-2.fc8
2008-11-07 02:50:20
[SECURITY] Fedora 10 Update: php-Smarty-2.6.20-2.fc10
2008-11-26 06:25:03
[SECURITY] Fedora 9 Update: php-Smarty-2.6.20-2.fc9
2008-11-07 02:52:04
nessus
nessus
Fedora 9 : php-Smarty-2.6.20-2.fc9 (2008-9420)
2008-11-07 00:00:00
Fedora 8 : php-Smarty-2.6.20-2.fc8 (2008-9401)
2008-11-07 00:00:00
Fedora 10 : php-Smarty-2.6.20-2.fc10 (2008-10409)
2009-04-23 00:00:00
prion
prion
Code injection
2008-10-31 18:09:00
ubuntucve
ubuntucve
CVE-2008-4811
2008-10-31 00:00:00
redhatcve
redhatcve
CVE-2008-4811
2019-10-04 20:37:34
cve
cve
CVE-2008-4811
2008-10-31 18:09:08
altlinux
altlinux
Security fix for the ALT Linux 6 package smarty version 2.6.22-alt1
2009-01-27 00:00:00
Security fix for the ALT Linux 7 package smarty version 2.6.22-alt1
2009-01-27 00:00:00
gentoo
gentoo
Smarty: Multiple vulnerabilities
2010-06-02 00:00:00
osv
osv
moodle - several vulnerabilities
2008-12-22 00:00:00
debian
debian
[SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities
2008-12-22 08:27:17
ubuntu
ubuntu
Moodle vulnerabilities
2009-06-24 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.012
Percentile
85.1%
Related for NVD:CVE-2008-4811