CVE-2008-4811

NameCVE-2008-4811
DescriptionThe _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1691-1
Debian Bugs504328, 504345

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gallery2source(unstable)2.2.5-2
moodlesourceetch1.6.3-2+etch1DSA-1691-1
moodlesource(unstable)1.8.2-2504345
smartysource(unstable)2.6.26-0.1504328

Notes

[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
This attack vector is *not* fixed in r2797
Search for package or bug name: Reporting problems