CVE-2008-4811

NameCVE-2008-4811
DescriptionThe _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1691-1
NVD severityhigh (attack range: remote)
Debian Bugs504328, 504345

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gallery2source(unstable)2.2.5-2high
moodlesource(unstable)1.8.2-2high504345
moodlesourceetch1.6.3-2+etch1highDSA-1691-1
smartysource(unstable)2.6.26-0.1high504328

Notes

[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
This attack vector is *not* fixed in r2797

Search for package or bug name: Reporting problems