Lucene search

K

PRIOn knowledge basePRION:CVE-2014-8350

HistoryNov 03, 2014 - 4:55 p.m.

Design/Logic Flaw

2014-11-0316:55:00

PRIOn knowledge base

www.prio-n.com

4

7.9 High

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by “{literal}<{/literal}script language=php>” in a template.

CPENameOperatorVersion
smartyeq1.4.3
smartyeq1.0
smartyeq1.0.98
smartyeq2.3.1
smartyeq3.0.0 beta6
smartyeq2.6.0 rc3
smartyeq2.6.25
smartyeq3.0.0 beta8
smartyeq3.0.5
smartyeq1.4.0

Rows per page:

1-10 of 1001

References

advisories.mageia.org/MGASA-2014-0468.html

seclists.org/oss-sec/2014/q4/420

seclists.org/oss-sec/2014/q4/421

www.mandriva.com/security/advisories?name=MDVSA-2014:221

www.securityfocus.com/bid/70708

bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920

code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902

exchange.xforce.ibmcloud.com/vulnerabilities/97725

7.9 High

AI Score

Confidence

Low

0.048 Low

EPSS

Percentile

92.7%

Related for PRION:CVE-2014-8350

nessus5 fedora3 ubuntucve1 debiancve1 osv2 cvelist1 openvas5 github1 cve1 mageia2 nvd1 debian1 securityvulns2