Vulnerability Name:

CVE-2008-4811 (CCN-46406)

Assigned:2008-10-22
Published:2008-10-22
Updated:2017-08-08
Summary:The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2008-4811

Source: CCN
Type: Mahara Web Site
Mahara 1.2.4, 1.1.8, and 1.0.14 Released

Source: CCN
Type: SA32329
Smarty "_expand_quoted_text()" Security Bypass Vulnerability

Source: SECUNIA
Type: Vendor Advisory
32329

Source: MISC
Type: UNKNOWN
http://securityvulns.ru/Udocument746.html

Source: DEBIAN
Type: UNKNOWN
DSA-1691

Source: DEBIAN
Type: DSA-1691
moodle -- several vulnerabilities

Source: CCN
Type: GLSA-201006-13
Smarty: Multiple vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20081025 Regarding SA32329 (Smarty "_expand_quoted_text()" Security Bypass)

Source: BID
Type: UNKNOWN
31862

Source: CCN
Type: BID-31862
Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability

Source: CCN
Type: Smarty Web site
Smarty: Template Engine

Source: CCN
Type: USN-791-1
Moodle vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 467317
Bug 467317 - Security Update for php-smarty

Source: XF
Type: UNKNOWN
smarty-expandquotedtext-code-execution1(46406)

Source: XF
Type: UNKNOWN
smarty-expandquotedtext-code-execution1(46406)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:smarty:smarty:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.0a:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.0b:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.9:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.10:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.11:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.12:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.13:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.14:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.15:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.16:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.17:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.18:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:*:*:*:*:*:*:*:* (Version <= 2.6.20)

    • Configuration CCN 1:
  • cpe:/a:smarty:smarty:2.6.9:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.11:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.12:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.13:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.14:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.15:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.16:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.0b:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.0a:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.10:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.17:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.18:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.5:*:*:*:*:*:*:*
  • OR cpe:/a:smarty:smarty:2.6.6:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:mahara:mahara:1.1.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:13687
    P
    		USN-791-1 -- moodle vulnerabilities
    2014-07-07
    oval:org.mitre.oval:def:7939
    P
    		DSA-1691 moodle -- several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:20060
    P
    		DSA-1691-1 moodle - several vulnerabilities
    2014-06-23
    oval:org.debian:def:1691
    V
    		several vulnerabilities
    2008-12-22
    BACK
    smarty smarty 1.0
    smarty smarty 1.0a
    smarty smarty 1.0b
    smarty smarty 1.1.0
    smarty smarty 1.2.0
    smarty smarty 1.2.1
    smarty smarty 1.2.2
    smarty smarty 1.3.0
    smarty smarty 1.3.1
    smarty smarty 1.3.2
    smarty smarty 1.4.0
    smarty smarty 1.4.0 b1
    smarty smarty 1.4.0 b2
    smarty smarty 1.4.1
    smarty smarty 1.4.2
    smarty smarty 1.4.3
    smarty smarty 1.4.4
    smarty smarty 1.4.5
    smarty smarty 1.4.6
    smarty smarty 1.5.0
    smarty smarty 1.5.1
    smarty smarty 1.5.2
    smarty smarty 2.0.0
    smarty smarty 2.0.1
    smarty smarty 2.1.0
    smarty smarty 2.1.1
    smarty smarty 2.2.0
    smarty smarty 2.3.0
    smarty smarty 2.3.1
    smarty smarty 2.4.0
    smarty smarty 2.4.1
    smarty smarty 2.4.2
    smarty smarty 2.5.0
    smarty smarty 2.5.0 rc1
    smarty smarty 2.5.0 rc2
    smarty smarty 2.6.0
    smarty smarty 2.6.0 rc1
    smarty smarty 2.6.0 rc2
    smarty smarty 2.6.0 rc3
    smarty smarty 2.6.1
    smarty smarty 2.6.2
    smarty smarty 2.6.3
    smarty smarty 2.6.4
    smarty smarty 2.6.5
    smarty smarty 2.6.6
    smarty smarty 2.6.7
    smarty smarty 2.6.9
    smarty smarty 2.6.10
    smarty smarty 2.6.11
    smarty smarty 2.6.12
    smarty smarty 2.6.13
    smarty smarty 2.6.14
    smarty smarty 2.6.15
    smarty smarty 2.6.16
    smarty smarty 2.6.17
    smarty smarty 2.6.18
    smarty smarty *
    smarty smarty 2.6.9
    smarty smarty 2.6.1
    smarty smarty 2.6.0
    smarty smarty 2.6.11
    smarty smarty 2.6.12
    smarty smarty 2.6.13
    smarty smarty 2.6.14
    smarty smarty 2.6.15
    smarty smarty 2.6.16
    smarty smarty 2.6.0 rc3
    smarty smarty 2.6.0 rc2
    smarty smarty 2.6.0 rc1
    smarty smarty 2.5.0
    smarty smarty 2.5.0 rc1
    smarty smarty 2.5.0 rc2
    smarty smarty 2.4.2
    smarty smarty 2.4.1
    smarty smarty 2.4.0
    smarty smarty 2.3.1
    smarty smarty 2.3.0
    smarty smarty 2.2.0
    smarty smarty 2.1.1
    smarty smarty 2.1.0
    smarty smarty 2.0.1
    smarty smarty 2.0.0
    smarty smarty 1.5.2
    smarty smarty 1.5.1
    smarty smarty 1.5.0
    smarty smarty 1.4.6
    smarty smarty 1.4.5
    smarty smarty 1.4.4
    smarty smarty 1.4.3
    smarty smarty 1.4.2
    smarty smarty 1.4.1
    smarty smarty 1.4.0
    smarty smarty 1.4.0 b1
    smarty smarty 1.4.0 b2
    smarty smarty 1.3.2
    smarty smarty 1.3.1
    smarty smarty 1.3.0
    smarty smarty 1.2.2
    smarty smarty 1.2.1
    smarty smarty 1.2.0
    smarty smarty 1.1.0
    smarty smarty 1.0b
    smarty smarty 1.0a
    smarty smarty 1.0
    smarty smarty 2.6.10
    smarty smarty 2.6.17
    smarty smarty 2.6.2
    smarty smarty 2.6.7
    smarty smarty 2.6.18
    smarty smarty 2.6.3
    smarty smarty 2.6.4
    smarty smarty 2.6.5
    smarty smarty 2.6.6
    mahara mahara 1.0.8
    mahara mahara 1.0.6
    mahara mahara 1.0.5
    mahara mahara 1.0.4
    mahara mahara 1.0.3
    mahara mahara 1.0.2
    mahara mahara 1.0.1
    mahara mahara 1.1.1
    mahara mahara 1.1.0
    mahara mahara 1.0.10
    mahara mahara 1.1.2
    mahara mahara 1.0.9
    mahara mahara 1.1.4
    mahara mahara 1.0.11
    mahara mahara 1.0.12
    mahara mahara 1.1.5
    mahara mahara 1.1.6
    mahara mahara 1.1.3
    gentoo linux *
    debian debian linux 4.0
    canonical ubuntu 8.04