Vulnerability Details CVE-2009-5054
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.8%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2009-5054
-
cpe:2.3:a:smarty:smarty:1.0
-
cpe:2.3:a:smarty:smarty:1.0a
-
cpe:2.3:a:smarty:smarty:1.0b
-
cpe:2.3:a:smarty:smarty:1.1.0
-
cpe:2.3:a:smarty:smarty:1.2.0
-
cpe:2.3:a:smarty:smarty:1.2.1
-
cpe:2.3:a:smarty:smarty:1.2.2
-
cpe:2.3:a:smarty:smarty:1.3.0
-
cpe:2.3:a:smarty:smarty:1.3.1
-
cpe:2.3:a:smarty:smarty:1.3.2
-
cpe:2.3:a:smarty:smarty:1.4.0
-
cpe:2.3:a:smarty:smarty:1.4.1
-
cpe:2.3:a:smarty:smarty:1.4.2
-
cpe:2.3:a:smarty:smarty:1.4.3
-
cpe:2.3:a:smarty:smarty:1.4.4
-
cpe:2.3:a:smarty:smarty:1.4.5
-
cpe:2.3:a:smarty:smarty:1.4.6
-
cpe:2.3:a:smarty:smarty:1.5.0
-
cpe:2.3:a:smarty:smarty:1.5.1
-
cpe:2.3:a:smarty:smarty:1.5.2
-
cpe:2.3:a:smarty:smarty:2.0.0
-
cpe:2.3:a:smarty:smarty:2.0.1
-
cpe:2.3:a:smarty:smarty:2.1.0
-
cpe:2.3:a:smarty:smarty:2.1.1
-
cpe:2.3:a:smarty:smarty:2.2.0
-
cpe:2.3:a:smarty:smarty:2.3.0
-
cpe:2.3:a:smarty:smarty:2.3.1
-
cpe:2.3:a:smarty:smarty:2.4.0
-
cpe:2.3:a:smarty:smarty:2.4.1
-
cpe:2.3:a:smarty:smarty:2.4.2
-
cpe:2.3:a:smarty:smarty:2.5.0
-
cpe:2.3:a:smarty:smarty:2.6.0
-
cpe:2.3:a:smarty:smarty:2.6.1
-
cpe:2.3:a:smarty:smarty:2.6.10
-
cpe:2.3:a:smarty:smarty:2.6.11
-
cpe:2.3:a:smarty:smarty:2.6.12
-
cpe:2.3:a:smarty:smarty:2.6.13
-
cpe:2.3:a:smarty:smarty:2.6.14
-
cpe:2.3:a:smarty:smarty:2.6.15
-
cpe:2.3:a:smarty:smarty:2.6.16
-
cpe:2.3:a:smarty:smarty:2.6.17
-
cpe:2.3:a:smarty:smarty:2.6.18
-
cpe:2.3:a:smarty:smarty:2.6.2
-
cpe:2.3:a:smarty:smarty:2.6.20
-
cpe:2.3:a:smarty:smarty:2.6.22
-
cpe:2.3:a:smarty:smarty:2.6.24
-
cpe:2.3:a:smarty:smarty:2.6.25
-
cpe:2.3:a:smarty:smarty:2.6.26
-
cpe:2.3:a:smarty:smarty:2.6.3
-
cpe:2.3:a:smarty:smarty:2.6.4
-
cpe:2.3:a:smarty:smarty:2.6.5
-
cpe:2.3:a:smarty:smarty:2.6.6
-
cpe:2.3:a:smarty:smarty:2.6.7
-
cpe:2.3:a:smarty:smarty:2.6.9