10

CVE-2009-1669

Exploit
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SmartySmarty Version2.6.22
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.12% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://osvdb.org/54380
http://secunia.com/advisories/35072
Vendor Advisory
http://secunia.com/advisories/35219
http://www.securityfocus.com/bid/34918
Exploit
http://www.ubuntu.com/usn/usn-791-3
https://exchange.xforce.ibmcloud.com/vulnerabilities/50457
https://www.exploit-db.com/exploits/8659
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01274.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01283.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01287.html