| Vulnerability Name: | CVE-2005-0913 (CCN-19880) | ||||||||
| Assigned: | 2005-03-29 | ||||||||
| Published: | 2005-03-29 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0913 Source: CONFIRM Type: Patch http://news.php.net/php.smarty.dev/2673 Source: CCN Type: SA14729 Smarty "regex_replace" Modifier Template Security Bypass Source: SECUNIA Type: Patch, Vendor Advisory 14729 Source: GENTOO Type: Patch, Vendor Advisory GLSA-200503-35 Source: CCN Type: SECTRACK ID: 1013556 Smarty regex_replace Modifier Template Security Bug Lets Users Execute PHP Code Source: SECTRACK Type: Patch 1013556 Source: CCN Type: Smarty Download Web page Download Source: CCN Type: GLSA-200503-35 Smarty: Template vulnerability Source: CCN Type: OSVDB ID: 15081 Smarty regex_replace Modifier Arbitrary Code Execution Source: BID Type: UNKNOWN 12941 Source: CCN Type: BID-12941 Smarty Template Engine Remote PHP Script Execution Vulnerability Source: XF Type: UNKNOWN smarty-regexreplace-security-bpass(19880) Source: XF Type: UNKNOWN smarty-regexreplace-security-bpass(19880) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||