CVE-2015-7809
published 2015-11-06
Priority: P3 | 42 | medium | 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.40% (87.3th percentile)
The displayBlock function in Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| symfony | twig | <= 1.19.0 | — |
| twig | twig | >= 0 < 1.20.0 | 1.20.0 |
GHSA
Twig remote code execution in templates
ghsa·2022-05-14
CVE-2015-7809 [HIGH] CWE-74 Twig remote code execution in templates
The `displayBlock` function in `Template.php` in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the `_self` variable in a template.
OSV
Twig remote code execution in templates
osv·2022-05-14
CVE-2015-7809 [HIGH] Twig remote code execution in templates
The `displayBlock` function in `Template.php` in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the `_self` variable in a template.
No detection rules found.
No public exploits indexed.
http://openwall.com/lists/oss-security/2015/08/21/3
http://openwall.com/lists/oss-security/2015/10/11/2
http://symfony.com/blog/security-release-twig-1-20-0
http://www.debian.org/security/2015/dsa-3343
https://github.com/fabpot/Twig/commit/30be07759a3de2558da5224f127d052ecf492e8f
https://github.com/twigphp/Twig/pull/1759
Published: 2015-11-06