Lucene search

Veracode Vulnerability DatabaseVERACODE:47263

HistoryMay 30, 2024 - 6:05 a.m.

Code Injection

2024-05-3006:05:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

code injection

smarty

extends-tag

validation

php

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

smarty/smarty is vulnerable to code injection. The vulnerability is due to insufficient validation of file names used in the extends-tag. This allows attackers to inject PHP code by choosing a malicious file name for an extends-tag.

CPENameOperatorVersion
smarty/smartylev4.5.2
smarty/smartylev5.0.2
smarty/smartylev4.5.2
smarty/smartylev5.0.2

Name	Operator	Version
smarty/smarty	le	v4.5.2
smarty/smarty	le	v5.0.2
smarty/smarty	le	v4.5.2
smarty/smarty	le	v5.0.2

References

github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a

github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47263