Red Hat Bugzilla – Bug 468450
php-Smarty: arbitrary code execution due to an error when processing data with embedded variables
Last modified: 2008-10-24 15:41:23 EDT
From Secunia advisory:
A vulnerability has been reported in Smarty, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error when processing data with embedded variables. This can be exploited to potentially execute arbitrary PHP code.
This vulnerability is reported in version 2.6.19.
What is the point in opening this bug? And why did I waste my time creating bug #467317 is this is the bug that is going to be used to track this issue which has already been fixed BTW.
Fedora updates updating php-Smarty to fixed upstream version: