7.5

CVE-2008-1066

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SmartySmarty Version <= 2.6.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.95% 0.777
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://secunia.com/advisories/29392
Vendor Advisory
http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html
http://secunia.com/advisories/29241
Vendor Advisory
http://secunia.com/advisories/29398
Vendor Advisory
http://secunia.com/advisories/29405
Vendor Advisory
http://secunia.com/advisories/29562
Vendor Advisory
http://secunia.com/advisories/29839
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201111-04.xml
http://www.debian.org/security/2008/dsa-1520
http://www.phpinsider.com/smarty-forum/viewtopic.php?p=47652
http://www.securityfocus.com/bid/28105
http://www.smarty.net/misc/NEWS
https://exchange.xforce.ibmcloud.com/vulnerabilities/41002
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00298.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00358.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00551.html