Red Hat Bugzilla – Bug 469648
CVE-2008-4811 php-Smarty: PHP code execution via templates with \ escaped $ sign
Last modified: 2008-11-26 03:20:07 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4811 to the following vulnerability:
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in
Smarty 2.6.20 r2797 and earlier allows remote attackers to execute
arbitrary PHP code via vectors related to templates and a \
(backslash) before a dollar-sign character.
Again, this bug description is confusing an inaccurate.
If I understand this correctly, r2797 *fixes* the problem, and the bug description should say "...in Smarty 2.6.20 r2796 and earlier..."
php-Smarty-2.6.20-2.fc9 has been submitted as an update for Fedora 9.
php-Smarty-2.6.20-2.fc8 has been submitted as an update for Fedora 8.
php-Smarty-2.6.20-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
php-Smarty-2.6.20-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
php-Smarty-2.6.20-2.fc10 has been submitted as an update for Fedora 10.
php-Smarty-2.6.20-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: