CVE-2009-1669

Name: CVE-2009-1669
Description: The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1919-1
NVD severity: high (attack range: remote)
Debian Bugs: 529810

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version  Urgency  Origin      Debian Bugs
smarty   source  (unstable)  2.6.26-0.1     low                  529810
smarty   source  etch        2.6.14-1etch2  high     DSA-1919-1
smarty   source  lenny       2.6.20-1.2     high     DSA-1919-1

Notes

[etch] - smarty <not-affected> (Vulnerable code not present)
[lenny] - smarty <no-dsa> (Minor issue)
