CVE-2008-4810

NameCVE-2008-4810
DescriptionThe _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1691-1, DSA-1919-1
NVD severityhigh (attack range: remote)
Debian Bugs504328, 504345

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gallery2source(unstable)2.2.5-2high
moodlesource(unstable)1.8.2-2high504345
moodlesourceetch1.6.3-2+etch1highDSA-1691-1
smartysource(unstable)2.6.26-0.1high504328
smartysourceetch2.6.14-1etch2highDSA-1919-1
smartysourcelenny2.6.20-1.2highDSA-1919-1

Notes

This attack vector is fixed in r2797

Search for package or bug name: Reporting problems