CVE-2010-4725 — Smarty vulnerability

5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

0.4%

top 37.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Smarty3 Smarty

Timeline

PublishedFeb 3

Latest updateMay 17

Description

Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/smarty3< smarty3 3.0.8-1 (bookworm)

▶NVDsmarty/smarty3.0.0+55

🔴Vulnerability Details

GHSA

GHSA-62jr-gjr6-pf9v: Smarty before 3↗2022-05-17

▶

OSV

CVE-2010-4725: Smarty before 3↗2011-02-03

▶

📋Vendor Advisories

Debian

CVE-2010-4725: smarty3 - Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags opt...↗2010

▶

💬Community

Bugzilla

CVE-2010-4724 CVE-2010-4725 CVE-2010-4727 php-Smarty: Multiple unspecified vulnerabilities in Smarty 3.0.0 before RC3↗2011-10-25

▶