CVE-2008-4811

Published: Oct 31, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

Affected (56)

Products: Smarty: Smarty

Smarty

1 product

Smarty

Configuration A

56 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Smarty Smarty	Version 1.0
Smarty Smarty	Version 1.0a
Smarty Smarty	Version 1.0b
Smarty Smarty	Version 1.1.0
Smarty Smarty	Version 1.2.0
Smarty Smarty	Version 1.2.1
Smarty Smarty	Version 1.2.2
Smarty Smarty	Version 1.3.0
Smarty Smarty	Version 1.3.1
Smarty Smarty	Version 1.3.2
Smarty Smarty	Version 1.4.0
Smarty Smarty	Version 1.4.0 b1
Smarty Smarty	Version 1.4.0 b2
Smarty Smarty	Version 1.4.1
Smarty Smarty	Version 1.4.2
Smarty Smarty	Version 1.4.3
Smarty Smarty	Version 1.4.4
Smarty Smarty	Version 1.4.5
Smarty Smarty	Version 1.4.6
Smarty Smarty	Version 1.5.0
Smarty Smarty	Version 1.5.1
Smarty Smarty	Version 1.5.2
Smarty Smarty	Version 2.0.0
Smarty Smarty	Version 2.0.1
Smarty Smarty	Version 2.1.0
Smarty Smarty	Version 2.1.1
Smarty Smarty	Version 2.2.0
Smarty Smarty	Version 2.3.0
Smarty Smarty	Version 2.3.1
Smarty Smarty	Version 2.4.0
Smarty Smarty	Version 2.4.1
Smarty Smarty	Version 2.4.2
Smarty Smarty	Version 2.5.0
Smarty Smarty	Version 2.5.0 rc1
Smarty Smarty	Version 2.5.0 rc2
Smarty Smarty	Version 2.6.0
Smarty Smarty	Version 2.6.0 rc1
Smarty Smarty	Version 2.6.0 rc2
Smarty Smarty	Version 2.6.0 rc3
Smarty Smarty	Version 2.6.10
Smarty Smarty	Version 2.6.11
Smarty Smarty	Version 2.6.12
Smarty Smarty	Version 2.6.13
Smarty Smarty	Version 2.6.14
Smarty Smarty	Version 2.6.15
Smarty Smarty	Version 2.6.16
Smarty Smarty	Version 2.6.17
Smarty Smarty	Version 2.6.18
Smarty Smarty	Version 2.6.1
Smarty Smarty	Version 2.6.2
Smarty Smarty	Version 2.6.3
Smarty Smarty	Version 2.6.4
Smarty Smarty	Version 2.6.5
Smarty Smarty	Version 2.6.6
Smarty Smarty	Version 2.6.7
Smarty Smarty	Version 2.6.9