| Vulnerability Name: | CVE-2008-4811 (CCN-46406) |
| Assigned: | 2008-10-22 |
| Published: | 2008-10-22 |
| Updated: | 2017-08-08 |
| Summary: | The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
|
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low |
|
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
|
| Vulnerability Type: | CWE-264
|
| Vulnerability Consequences: | Gain Privileges |
| References: | Source: MITRE
Type: CNA
CVE-2008-4811
Source: CCN
Type: Mahara Web Site
Mahara 1.2.4, 1.1.8, and 1.0.14 Released
Source: CCN
Type: SA32329
Smarty "_expand_quoted_text()" Security Bypass Vulnerability
Source: SECUNIA
Type: Vendor Advisory
32329
Source: MISC
Type: UNKNOWN
http://securityvulns.ru/Udocument746.html
Source: DEBIAN
Type: UNKNOWN
DSA-1691
Source: DEBIAN
Type: DSA-1691
moodle -- several vulnerabilities
Source: CCN
Type: GLSA-201006-13
Smarty: Multiple vulnerabilities
Source: MLIST
Type: UNKNOWN
[oss-security] 20081025 Regarding SA32329 (Smarty "_expand_quoted_text()" Security Bypass)
Source: BID
Type: UNKNOWN
31862
Source: CCN
Type: BID-31862
Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
Source: CCN
Type: Smarty Web site
Smarty: Template Engine
Source: CCN
Type: USN-791-1
Moodle vulnerabilities
Source: CCN
Type: Red Hat Bugzilla Bug 467317
Bug 467317 - Security Update for php-smarty
Source: XF
Type: UNKNOWN
smarty-expandquotedtext-code-execution1(46406)
Source: XF
Type: UNKNOWN
smarty-expandquotedtext-code-execution1(46406)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:smarty:smarty:1.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.0a:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.0b:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.1.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.2.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.2.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.2.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.3.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.3.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.3.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.3:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.4:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.5:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.6:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.5.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.5.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.5.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.0.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.0.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.1.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.1.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.2.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.3.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.3.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.4.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.4.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.4.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.5.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.3:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.4:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.5:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.6:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.7:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.9:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.10:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.11:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.12:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.13:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.14:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.15:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.16:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.17:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.18:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:*:*:*:*:*:*:*:* (Version <= 2.6.20)
Configuration CCN 1:
cpe:/a:smarty:smarty:2.6.9:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.11:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.12:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.13:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.14:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.15:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.16:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.5.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.4.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.4.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.4.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.3.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.3.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.2.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.1.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.1.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.0.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.0.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.5.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.5.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.5.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.6:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.5:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.4:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.3:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.3.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.3.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.3.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.2.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.2.1:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.2.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.1.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.0b:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.0a:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:1.0:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.10:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.17:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.2:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.7:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.18:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.3:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.4:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.5:*:*:*:*:*:*:*OR cpe:/a:smarty:smarty:2.6.6:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.8:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.6:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.5:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.4:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.3:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.2:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.1:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.1.1:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.1.0:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.10:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.1.2:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.9:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.1.4:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.11:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.0.12:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.1.5:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.1.6:*:*:*:*:*:*:*OR cpe:/a:mahara:mahara:1.1.3:*:*:*:*:*:*:*AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |