Multiple vulnerabilities in smarty.php.net Smarty
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2010-4725 CVE-2010-4726 CVE-2010-4727 CVE-2009-5052 CVE-2009-5053 CVE-2010-4722 CVE-2010-4723 CVE-2010-4724 |
| CWE-ID | CWE-20 CWE-264 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Smarty Web applications / CMS |
| Vendor | smarty.php.net |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU45377
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2010-4725
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU45378
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2010-4726
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.4.2:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU45379
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2010-4727
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.5.0:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU45380
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-5052
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.6.26:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU45381
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2009-5053
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:3.0.0:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU45383
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2010-4722
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:3.0.0:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU45384
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2010-4723
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:3.0.0:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU45385
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2010-4724
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsSmarty: 1.0 b - 3.0.0
CPE2.3- cpe:2.3:a:smarty_php_net:smarty:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:smarty_php_net:smarty:3.0.0:*:*:*:*:*:*:*
https://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
