CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4810

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.6%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2008-4810

Smarty » Smarty » Version: 1.0

cpe:2.3:a:smarty:smarty:1.0
Smarty » Smarty » Version: 1.0a

cpe:2.3:a:smarty:smarty:1.0a
Smarty » Smarty » Version: 1.0b

cpe:2.3:a:smarty:smarty:1.0b
Smarty » Smarty » Version: 1.1.0

cpe:2.3:a:smarty:smarty:1.1.0
Smarty » Smarty » Version: 1.2.0

cpe:2.3:a:smarty:smarty:1.2.0
Smarty » Smarty » Version: 1.2.1

cpe:2.3:a:smarty:smarty:1.2.1
Smarty » Smarty » Version: 1.2.2

cpe:2.3:a:smarty:smarty:1.2.2
Smarty » Smarty » Version: 1.3.0

cpe:2.3:a:smarty:smarty:1.3.0
Smarty » Smarty » Version: 1.3.1

cpe:2.3:a:smarty:smarty:1.3.1
Smarty » Smarty » Version: 1.3.2

cpe:2.3:a:smarty:smarty:1.3.2
Smarty » Smarty » Version: 1.4.0

cpe:2.3:a:smarty:smarty:1.4.0
Smarty » Smarty » Version: 1.4.1

cpe:2.3:a:smarty:smarty:1.4.1
Smarty » Smarty » Version: 1.4.2

cpe:2.3:a:smarty:smarty:1.4.2
Smarty » Smarty » Version: 1.4.3

cpe:2.3:a:smarty:smarty:1.4.3
Smarty » Smarty » Version: 1.4.4

cpe:2.3:a:smarty:smarty:1.4.4
Smarty » Smarty » Version: 1.4.5

cpe:2.3:a:smarty:smarty:1.4.5
Smarty » Smarty » Version: 1.4.6

cpe:2.3:a:smarty:smarty:1.4.6
Smarty » Smarty » Version: 1.5.0

cpe:2.3:a:smarty:smarty:1.5.0
Smarty » Smarty » Version: 1.5.1

cpe:2.3:a:smarty:smarty:1.5.1
Smarty » Smarty » Version: 1.5.2

cpe:2.3:a:smarty:smarty:1.5.2
Smarty » Smarty » Version: 2.0.0

cpe:2.3:a:smarty:smarty:2.0.0
Smarty » Smarty » Version: 2.0.1

cpe:2.3:a:smarty:smarty:2.0.1
Smarty » Smarty » Version: 2.1.0

cpe:2.3:a:smarty:smarty:2.1.0
Smarty » Smarty » Version: 2.1.1

cpe:2.3:a:smarty:smarty:2.1.1
Smarty » Smarty » Version: 2.2.0

cpe:2.3:a:smarty:smarty:2.2.0
Smarty » Smarty » Version: 2.3.0

cpe:2.3:a:smarty:smarty:2.3.0
Smarty » Smarty » Version: 2.3.1

cpe:2.3:a:smarty:smarty:2.3.1
Smarty » Smarty » Version: 2.4.0

cpe:2.3:a:smarty:smarty:2.4.0
Smarty » Smarty » Version: 2.4.1

cpe:2.3:a:smarty:smarty:2.4.1
Smarty » Smarty » Version: 2.4.2

cpe:2.3:a:smarty:smarty:2.4.2
Smarty » Smarty » Version: 2.5.0

cpe:2.3:a:smarty:smarty:2.5.0
Smarty » Smarty » Version: 2.6.0

cpe:2.3:a:smarty:smarty:2.6.0
Smarty » Smarty » Version: 2.6.1

cpe:2.3:a:smarty:smarty:2.6.1
Smarty » Smarty » Version: 2.6.10

cpe:2.3:a:smarty:smarty:2.6.10
Smarty » Smarty » Version: 2.6.11

cpe:2.3:a:smarty:smarty:2.6.11
Smarty » Smarty » Version: 2.6.12

cpe:2.3:a:smarty:smarty:2.6.12
Smarty » Smarty » Version: 2.6.13

cpe:2.3:a:smarty:smarty:2.6.13
Smarty » Smarty » Version: 2.6.14

cpe:2.3:a:smarty:smarty:2.6.14
Smarty » Smarty » Version: 2.6.15

cpe:2.3:a:smarty:smarty:2.6.15
Smarty » Smarty » Version: 2.6.16

cpe:2.3:a:smarty:smarty:2.6.16
Smarty » Smarty » Version: 2.6.17

cpe:2.3:a:smarty:smarty:2.6.17
Smarty » Smarty » Version: 2.6.18

cpe:2.3:a:smarty:smarty:2.6.18
Smarty » Smarty » Version: 2.6.2

cpe:2.3:a:smarty:smarty:2.6.2
Smarty » Smarty » Version: 2.6.3

cpe:2.3:a:smarty:smarty:2.6.3
Smarty » Smarty » Version: 2.6.4

cpe:2.3:a:smarty:smarty:2.6.4
Smarty » Smarty » Version: 2.6.5

cpe:2.3:a:smarty:smarty:2.6.5
Smarty » Smarty » Version: 2.6.6

cpe:2.3:a:smarty:smarty:2.6.6
Smarty » Smarty » Version: 2.6.7

cpe:2.3:a:smarty:smarty:2.6.7
Smarty » Smarty » Version: 2.6.9

cpe:2.3:a:smarty:smarty:2.6.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4810

Products

Pricing

Contact Us