Vulnerability CVE-2008-4810: Information

Description

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2008-4810

Published: Oct. 31, 2008

Modified: Aug. 8, 2017

Error type identifier: CWE-94

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://securityvulns.ru/Udocument746.html
http://smarty-php.googlecode.com/svn/trunk/NEWS
http://code.google.com/p/smarty-php/source/detail?r=2784&path=/trunk/libs/Smarty_Compiler.class.php
https://bugs.gentoo.org/attachment.cgi?id=169804&action=view
32329	Vendor Advisory
[oss-security] 20081025 Regarding SA32329 (Smarty "_expand_quoted_text()" Security Bypass)
http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php
DSA-1691
31862
smarty-expandquotedtext-code-execution(46031)

Affected configurations:
1. Configuration 1
  cpe:2.3:a:smarty:smarty:1.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.0b:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.5:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.7:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.0a:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.15:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.3:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.14:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.17:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.11:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.12:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.18:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.6:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.16:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.9:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.4:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.10:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.2:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.13:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.6.5:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:2.4.0:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.4:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.4.6:*:*:*:*:*:*:*
  cpe:2.3:a:smarty:smarty:1.2.0:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2008-4810: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1