#VU45385 Input validation error in Smarty - CVE-2010-4724
Published: February 3, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45385
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2010-4724
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Smarty
Smarty
Software vendor:
smarty.php.net
smarty.php.net
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors.
Remediation
Install update from vendor's website.