CVE-2011-1028
published 2019-11-20CVE-2011-1028: The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the…
PriorityP348critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.61%
73.0th percentile
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | smarty3 | < smarty3 3.0.8-1 (bookworm) | smarty3 3.0.8-1 (bookworm) |
| smarty | smarty | >= 0 < 3.0.7 | 3.0.7 |
| smarty | smarty | >= 3.0.0 < 3.0.7 | 3.0.7 |
| smarty3 | smarty3 | — | — |
| smarty3 | smarty3 | >= 0 < 3.0.8-1 | 3.0.8-1 |
| smarty3 | smarty3 | >= 0 < 3.0.8-1 | 3.0.8-1 |
| smarty3 | smarty3 | >= 0 < 3.0.8-1 | 3.0.8-1 |
| smarty3 | smarty3 | >= 0 < 3.0.8-1 | 3.0.8-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Smarty3 Arbitrary PHP Code Execution
osv·2022-04-22
CVE-2011-1028 [CRITICAL] Smarty3 Arbitrary PHP Code Execution
Smarty3 Arbitrary PHP Code Execution
The `$smarty.template` variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the `sysplugins/smarty_internal_compile_private_special_variable.php` file.
GHSA
Smarty3 Arbitrary PHP Code Execution
ghsa·2022-04-22
CVE-2011-1028 [CRITICAL] CWE-20 Smarty3 Arbitrary PHP Code Execution
Smarty3 Arbitrary PHP Code Execution
The `$smarty.template` variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the `sysplugins/smarty_internal_compile_private_special_variable.php` file.
OSV
CVE-2011-1028: The $smarty
osv·2019-11-20·CVSS 9.8
CVE-2011-1028 [CRITICAL] CVE-2011-1028: The $smarty
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
Debian
CVE-2011-1028: smarty3 - The $smarty.template variable in Smarty3 allows attackers to possibly execute ar...
vendor_debian·2011·CVSS 9.8
CVE-2011-1028 [CRITICAL] CVE-2011-1028: smarty3 - The $smarty.template variable in Smarty3 allows attackers to possibly execute ar...
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
Scope: local
bookworm: resolved (fixed in 3.0.8-1)
bullseye: resolved (fixed in 3.0.8-1)
forky: resolved (fixed in 3.0.8-1)
sid: resolved (fixed in 3.0.8-1)
trixie: resolved (fixed in 3.0.8-1)
No detection rules found.
Exploit-DB
Ipswitch TFTP Server 1.0.0.24 - Directory Traversal
exploitdb·2011-12-02
CVE-2011-4722 Ipswitch TFTP Server 1.0.0.24 - Directory Traversal
Ipswitch TFTP Server 1.0.0.24 - Directory Traversal
---
##############################################################################
# Title : Ipswitch TFTP Server Directory Traversal Vulnerability
# Author : Prabhu S Angadi from SecPod Technologies (www.secpod.com)
# Vendor : http://www.whatsupgold.com/index.aspx
# Advisory : http://secpod.org/blog/?p=424
# http://secpod.org/advisories/SecPod_Ipswitch_TFTP_Server_Dir_Trav.txt
# http://secpod.org/exploits/SecPod_Ipswitch_TFTP_Server_Dir_Trav_POC.py
# Version : Ipswitch TFTP Server 1.0.0.24
# Date : 02/12/2011
##############################################################################
SecPod ID: 1028 13/09/2011 Issue Discovered
04/10/2011 Vendor Notified
No Response from Vendor
02/12/2011 Advisory Released
Class: Information Discl
Exploit-DB
eZip Wizard 3.0 - Local Stack Buffer Overflow (Metasploit)
exploitdb·2011-04-25
CVE-2009-1028 eZip Wizard 3.0 - Local Stack Buffer Overflow (Metasploit)
eZip Wizard 3.0 - Local Stack Buffer Overflow (Metasploit)
---
##
# $Id: ezip_wizard_bof.rb 12428 2011-04-25 01:06:34Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex/zip'
class Metasploit3 'eZip Wizard 3.0 Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack-based buffer overflow vulnerability in
version 3.0 of ediSys Corp.'s eZip Wizard.
In order for the command to be executed, an attacker must convince someone to
open a specially crafted zip file with eZip Wizard, and access the specially
file via double-clickin
No writeups or analysis indexed.
2019-11-20
Published