10
CVE-2009-1669
- EPSS 14.12%
- Veröffentlicht 18.05.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:47
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.12% | 0.961 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://osvdb.org/54380
http://secunia.com/advisories/35072
http://secunia.com/advisories/35219
http://www.securityfocus.com/bid/34918
http://www.ubuntu.com/usn/usn-791-3
https://exchange.xforce.ibmcloud.com/vulnerabilities/50457
https://www.exploit-db.com/exploits/8659
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01274.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01283.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01287.html