Lucene search
Ubuntu.comUB:CVE-2008-4811HistoryOct 31, 2008 - 12:00 a.m.
CVE-2008-4811
2008-10-3100:00:00
ubuntu.com
ubuntu.com
7
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in
Smarty 2.6.20 r2797 and earlier allows remote attackers to execute
arbitrary PHP code via vectors related to templates and a \ (backslash)
before a dollar-sign character.
Notes
| Author | Note |
|---|---|
| mdeslaur | moodle and gallery2 have embedded smarty it seems this issue is unfixed as of 2009-04-28 |
Related
openvas
openvas
Fedora Update for php-Smarty FEDORA-2008-9420
2009-02-17 00:00:00
Fedora Update for php-Smarty FEDORA-2008-9401
2009-02-17 00:00:00
Fedora Update for php-Smarty FEDORA-2008-10409
2009-02-16 00:00:00
prion
prion
Code injection
2008-10-31 18:09:00
fedora
fedora
[SECURITY] Fedora 10 Update: php-Smarty-2.6.20-2.fc10
2008-11-26 06:25:03
[SECURITY] Fedora 8 Update: php-Smarty-2.6.20-2.fc8
2008-11-07 02:50:20
[SECURITY] Fedora 9 Update: php-Smarty-2.6.20-2.fc9
2008-11-07 02:52:04
nessus
nessus
Fedora 9 : php-Smarty-2.6.20-2.fc9 (2008-9420)
2008-11-07 00:00:00
Fedora 8 : php-Smarty-2.6.20-2.fc8 (2008-9401)
2008-11-07 00:00:00
Fedora 10 : php-Smarty-2.6.20-2.fc10 (2008-10409)
2009-04-23 00:00:00
redhatcve
redhatcve
CVE-2008-4811
2019-10-04 20:37:34
cve
cve
CVE-2008-4811
2008-10-31 18:09:00
altlinux
altlinux
Security fix for the ALT Linux 6 package smarty version 2.6.22-alt1
2009-01-27 00:00:00
Security fix for the ALT Linux 7 package smarty version 2.6.22-alt1
2009-01-27 00:00:00
gentoo
gentoo
Smarty: Multiple vulnerabilities
2010-06-02 00:00:00
osv
osv
moodle - several vulnerabilities
2008-12-22 00:00:00
debian
debian
[SECURITY] [DSA 1691-1] New moodle packages fix several vulnerabilities
2008-12-22 08:27:17
ubuntu
ubuntu
Moodle vulnerabilities
2009-06-24 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
84.9%
Related for UB:CVE-2008-4811