CVE-2009-5053 — Smarty vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Smarty3 Smarty

Timeline

PublishedFeb 3

Latest updateMay 2

Description

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/smarty3< smarty3 3.0~rc1-1 (bookworm)

▶NVDsmarty/smarty3.0.0+55

🔴Vulnerability Details

GHSA

GHSA-wg94-64mm-c924: Unspecified vulnerability in Smarty before 3↗2022-05-02

▶

OSV

CVE-2009-5053: Unspecified vulnerability in Smarty before 3↗2011-02-03

▶

📋Vendor Advisories

Debian

CVE-2009-5053: smarty3 - Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers ...↗2009

▶