Smarty regex_replace Modifier Arbitrary Code Execution

2005-03-23T05:37:17
ID OSVDB:15081
Type osvdb
Reporter OSVDB
Modified 2005-03-23T05:37:17

Description

Vulnerability Description

Smarty contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the regex_replace modifier being called insecurely from templates. With a specially crafted request, an attacker can execute arbitrary code even with template security enabled.

Solution Description

Upgrade to version 2.6.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Smarty contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the regex_replace modifier being called insecurely from templates. With a specially crafted request, an attacker can execute arbitrary code even with template security enabled.

References:

Vendor URL: http://smarty.php.net/ Security Tracker: 1013556 Secunia Advisory ID:14729 Secunia Advisory ID:14785 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200503-35.xml CVE-2005-0913