CVE-2010-4723 — Smarty vulnerability

CWE-2645 documents5 sources

Severity

9.3CRITICALNVD

EPSS

0.4%

top 36.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Smarty3 Smarty

Timeline

PublishedFeb 3

Latest updateMay 17

Description

Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/smarty3< smarty3 3.0.8-1 (bookworm)

▶NVDsmarty/smarty3.0.0+55

🔴Vulnerability Details

GHSA

GHSA-mvf9-3cvj-mh78: Smarty before 3↗2022-05-17

▶

OSV

CVE-2010-4723: Smarty before 3↗2011-02-03

▶

📋Vendor Advisories

Debian

CVE-2010-4723: smarty3 - Smarty before 3.0.0, when security is enabled, does not prevent access to the (1...↗2010

▶

💬Community

Bugzilla

CVE-2010-4723 php-Smarty: Before 3.0.0, when security is enabled does not prevent access to the dynamic and private object members of an assigned object↗2011-10-25

▶