CVE-2008-4811

First published: Fri Oct 31 2008(Updated: )

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Smarty Smarty	=1.4.3
Smarty Smarty	=1.0
Smarty Smarty	=1.0b
Smarty Smarty	=2.3.1
Smarty Smarty	=2.6.0-rc3
Smarty Smarty	=1.4.0
Smarty Smarty	=1.4.5
Smarty Smarty	=2.6.1
Smarty Smarty	=2.6.7
Smarty Smarty	=2.3.0
Smarty Smarty	=1.0a
Smarty Smarty	=1.1.0
Smarty Smarty	=1.4.0-b2
Smarty Smarty	=2.6.0
Smarty Smarty	=2.6.15
Smarty Smarty	=2.6.3
Smarty Smarty	=2.6.14
Smarty Smarty	=2.5.0-rc1
Smarty Smarty	=1.2.1
Smarty Smarty	=2.6.17
Smarty Smarty	=2.6.11
Smarty Smarty	=2.6.0-rc2
Smarty Smarty	=1.3.0
Smarty Smarty	=1.4.1
Smarty Smarty	=2.5.0-rc2
Smarty Smarty	=2.0.1
Smarty Smarty	=2.5.0
Smarty Smarty	=1.4.2
Smarty Smarty	=1.5.0
Smarty Smarty	<=2.6.20
Smarty Smarty	=2.1.0
Smarty Smarty	=1.5.2
Smarty Smarty	=2.6.12
Smarty Smarty	=2.6.18
Smarty Smarty	=1.5.1
Smarty Smarty	=2.0.0
Smarty Smarty	=2.4.1
Smarty Smarty	=2.6.6
Smarty Smarty	=2.6.16
Smarty Smarty	=2.6.9
Smarty Smarty	=1.2.2
Smarty Smarty	=2.6.0-rc1
Smarty Smarty	=2.1.1
Smarty Smarty	=2.6.4
Smarty Smarty	=2.2.0
Smarty Smarty	=2.4.2
Smarty Smarty	=2.6.10
Smarty Smarty	=2.6.2
Smarty Smarty	=1.4.0-b1
Smarty Smarty	=2.6.13
Smarty Smarty	=2.6.5
Smarty Smarty	=1.3.2
Smarty Smarty	=2.4.0
Smarty Smarty	=1.3.1
Smarty Smarty	=1.4.4
Smarty Smarty	=1.4.6
Smarty Smarty	=1.2.0
Smarty Smarty	<=2.6.20

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/references
agent/weakness
agent/type
agent/event
agent/softwarecombine
agent/last-modified-date
agent/description
agent/author
agent/first-publish-date
agent/severity
agent/tags
collector/mitre-cve
source/MITRE
vendor/smarty
canonical/smarty smarty
version/smarty smarty/1.4.3
version/smarty smarty/1.0
version/smarty smarty/1.0b
version/smarty smarty/2.3.1
version/smarty smarty/2.6.0-rc3
version/smarty smarty/1.4.0
version/smarty smarty/1.4.5
version/smarty smarty/2.6.1
version/smarty smarty/2.6.7
version/smarty smarty/2.3.0
version/smarty smarty/1.0a
version/smarty smarty/1.1.0
version/smarty smarty/1.4.0-b2
version/smarty smarty/2.6.0
version/smarty smarty/2.6.15
version/smarty smarty/2.6.3
version/smarty smarty/2.6.14
version/smarty smarty/2.5.0-rc1
version/smarty smarty/1.2.1
version/smarty smarty/2.6.17
version/smarty smarty/2.6.11
version/smarty smarty/2.6.0-rc2
version/smarty smarty/1.3.0
version/smarty smarty/1.4.1
version/smarty smarty/2.5.0-rc2
version/smarty smarty/2.0.1
version/smarty smarty/2.5.0
version/smarty smarty/1.4.2
version/smarty smarty/1.5.0
version/smarty smarty/2.6.20
version/smarty smarty/2.1.0
version/smarty smarty/1.5.2
version/smarty smarty/2.6.12
version/smarty smarty/2.6.18
version/smarty smarty/1.5.1
version/smarty smarty/2.0.0
version/smarty smarty/2.4.1
version/smarty smarty/2.6.6
version/smarty smarty/2.6.16
version/smarty smarty/2.6.9
version/smarty smarty/1.2.2
version/smarty smarty/2.6.0-rc1
version/smarty smarty/2.1.1
version/smarty smarty/2.6.4
version/smarty smarty/2.2.0
version/smarty smarty/2.4.2
version/smarty smarty/2.6.10
version/smarty smarty/2.6.2
version/smarty smarty/1.4.0-b1
version/smarty smarty/2.6.13
version/smarty smarty/2.6.5
version/smarty smarty/1.3.2
version/smarty smarty/2.4.0
version/smarty smarty/1.3.1
version/smarty smarty/1.4.4
version/smarty smarty/1.4.6
version/smarty smarty/1.2.0

CVE-2008-4811

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact