CVE-2011-1028

Published: Nov 20, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

Affected (4)

Products: Smarty: Smarty · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Smarty Smarty	From 3.0.0 to 3.0.7

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

https://access.redhat.com/security/cve/cve-2011-1028

Source: secalert@redhat.com

Broken Link

https://seclists.org/oss-sec/2011/q1/313

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-1028

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/cve-2011-1028

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://seclists.org/oss-sec/2011/q1/313

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2011-1028

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.