CVE-2010-4726
published 2011-02-03CVE-2010-4726: Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
PriorityP434critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
1.88%
76.9th percentile
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | smarty3 | < smarty3 3.0.8-1 (bookworm) | smarty3 3.0.8-1 (bookworm) |
| smarty | smarty | <= 3.0.0 | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
| smarty | smarty | — | — |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wmf8-498j-7qmx: Unspecified vulnerability in the math plugin in Smarty before 3
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2010-4726 [CRITICAL] GHSA-wmf8-498j-7qmx: Unspecified vulnerability in the math plugin in Smarty before 3
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
OSV
CVE-2010-4726: Unspecified vulnerability in the math plugin in Smarty before 3
osv·2011-02-03·CVSS 10.0
CVE-2010-4726 [CRITICAL] CVE-2010-4726: Unspecified vulnerability in the math plugin in Smarty before 3
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
Debian
CVE-2010-4726: smarty3 - Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unkn...
vendor_debian·2010·CVSS 10.0
CVE-2010-4726 [CRITICAL] CVE-2010-4726: smarty3 - Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unkn...
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
Scope: local
bookworm: resolved (fixed in 3.0.8-1)
bullseye: resolved (fixed in 3.0.8-1)
forky: resolved (fixed in 3.0.8-1)
sid: resolved (fixed in 3.0.8-1)
trixie: resolved (fixed in 3.0.8-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-4724 CVE-2010-4725 CVE-2010-4727 php-Smarty: Multiple unspecified vulnerabilities in Smarty 3.0.0 before RC3
bugzilla·2011-10-25·CVSS 10.0
CVE-2010-4724 [CRITICAL] CVE-2010-4724 CVE-2010-4725 CVE-2010-4727 php-Smarty: Multiple unspecified vulnerabilities in Smarty 3.0.0 before RC3
CVE-2010-4724 CVE-2010-4725 CVE-2010-4727 php-Smarty: Multiple unspecified vulnerabilities in Smarty 3.0.0 before RC3
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4724 to
the following vulnerability:
Multiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4724
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Discussion:
Relevant Smarty Changelog [2] entries:
===== RC3 =====
15/07/2010
..
20/06/2010
- replace internal get_time() calls with standard PHP5 microtime(true) calls
- closed security hole when php.ini asp_tags = on
..
17/04/2010
- security fix in {math} plugin
..
01/12/20
Bugzilla
CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [fedora-all]
bugzilla·2011-10-25·CVSS 10.0
CVE-2010-4722 [CRITICAL] CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [fedora-all]
CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=748773
Please note: this issue affects multiple supporte
Bugzilla
CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [epel-6]
bugzilla·2011-10-25·CVSS 10.0
CVE-2010-4722 [CRITICAL] CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [epel-6]
CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [epel-6]
epel-6 tracking bug for php-Smarty: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Adding parent bug CVE-2010-4726
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=748773,748887
---
Security fixes were included in 2.x branch with the release of 2.6.27.
Bugzilla
CVE-2010-4726 php-Smarty: Unspecified vulnerability in math plug-in in Smarty 3.0.0 before RC1
bugzilla·2011-10-25·CVSS 10.0
CVE-2010-4726 [CRITICAL] CVE-2010-4726 php-Smarty: Unspecified vulnerability in math plug-in in Smarty 3.0.0 before RC1
CVE-2010-4726 php-Smarty: Unspecified vulnerability in math plug-in in Smarty 3.0.0 before RC1
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4726 to
the following vulnerability:
Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4726
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Discussion:
Relevant Smarty Changelog [2] entry:
===== RC1 =====
..
17/04/2010
- security fix in {math} plugin
and related SVN log record:
r3555 | Uwe.Tews | 2010-04-17 12:24:44 +0200 (Sat, 17 Apr 2010) | 2 lines
- security fix in {math} plugin
---
Created attachment 530103
Smar
Bugzilla
CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [epel-5]
bugzilla·2011-10-25·CVSS 10.0
CVE-2010-4722 [CRITICAL] CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [epel-5]
CVE-2010-4722 CVE-2010-4726 php-Smarty various flaws [epel-5]
epel-5 tracking bug for php-Smarty: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Adding parent bug CVE-2010-4726
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=748773,748887
---
Security fixes were included in 2.x branch with the release of 2.6.27.
2011-02-03
Published