CVE-2010-4727Improper Input Validation in Smarty

CWE-20Improper Input Validation5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
0.4%
top 36.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Smarty3Smarty
Timeline
PublishedFeb 3
Latest updateMay 17

Description

Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

debiandebian/smarty3< smarty3 3.0~rc1-1 (bookworm)
NVDsmarty/smarty3.0.0+55

🔴Vulnerability Details

2
GHSA
GHSA-9548-764x-cvqv: Smarty before 32022-05-17
OSV
CVE-2010-4727: Smarty before 32011-02-03

📋Vendor Advisories

1
Debian
CVE-2010-4727: smarty3 - Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which...2010

💬Community

1
Bugzilla
CVE-2010-4724 CVE-2010-4725 CVE-2010-4727 php-Smarty: Multiple unspecified vulnerabilities in Smarty 3.0.0 before RC32011-10-25