
CVE-2008-4810

Published: 31 October 2008

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates", and (2) a double-quoted literal string, aka a "function injection security hole". NOTE: each vector affects slightly different SVN revisions.

Priority

Medium

Status

Package                               Release    Status
gallery2 (Launchpad, Ubuntu, Debian)  Upstream   Needs triage
moodle   (Launchpad, Ubuntu, Debian)  Upstream   Needs triage
smarty   (Launchpad, Ubuntu, Debian)  Upstream   Needs triage

Patches:
Upstream: http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php