CVE-2008-4810

NameCVE-2008-4810
DescriptionThe _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1691-1, DSA-1919-1
Debian Bugs504328, 504345

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gallery2source(unstable)2.2.5-2
moodlesourceetch1.6.3-2+etch1DSA-1691-1
moodlesource(unstable)1.8.2-2504345
smartysourceetch2.6.14-1etch2DSA-1919-1
smartysourcelenny2.6.20-1.2DSA-1919-1
smartysource(unstable)2.6.26-0.1504328

Notes

This attack vector is fixed in r2797
Search for package or bug name: Reporting problems