Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-4810

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.

Related bugs and status

CVE-2008-4810 (Candidate) is related to these bugs:

Bug #491129: Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities

		In	Importance	Status
491129	Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities	Mahara	Undecided	Fix Released
491129	Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities	Mahara 1.0	Undecided	Fix Released
491129	Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities	Mahara 1.1	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008102...
MISC: http://securityvulns.r...
CONFIRM: http://smarty-php.goog...
SECUNIA: 32329
DEBIAN: DSA-1691
BID: 31862
CONFIRM: http://code.google.com...
CONFIRM: http://code.google.com...
CONFIRM: https://bugs.gentoo.or...
XF: smarty-expandquotedtex...