CVE-2017-1000480
published 2018-01-03CVE-2017-1000480: Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template…
PriorityP350critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.12%
86.2th percentile
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | smarty3 | < smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bookworm) | smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bookworm) |
| smarty | smarty | >= 3 < 3.1.32 | 3.1.32 |
| smarty | smarty | >= 3.0.0 < 3.1.32 | 3.1.32 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Smarty PHP code injection
ghsa·2022-05-14
CVE-2017-1000480 [CRITICAL] CWE-94 Smarty PHP code injection
Smarty PHP code injection
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
OSV
Smarty PHP code injection
osv·2022-05-14
CVE-2017-1000480 [CRITICAL] Smarty PHP code injection
Smarty PHP code injection
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
OSV
CVE-2017-1000480: Smarty 3 before 3
osv·2018-01-03·CVSS 9.8
CVE-2017-1000480 [CRITICAL] CVE-2017-1000480: Smarty 3 before 3
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
Debian
CVE-2017-1000480: smarty3 - Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch(...
vendor_debian·2017·CVSS 9.8
CVE-2017-1000480 [CRITICAL] CVE-2017-1000480: smarty3 - Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch(...
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
Scope: local
bookworm: resolved (fixed in 3.1.31+20161214.1.c7d42e4+selfpack1-3)
bullseye: resolved (fixed in 3.1.31+20161214.1.c7d42e4+selfpack1-3)
forky: resolved (fixed in 3.1.31+20161214.1.c7d42e4+selfpack1-3)
sid: resolved (fixed in 3.1.31+20161214.1.c7d42e4+selfpack1-3)
trixie: resolved (fixed in 3.1.31+20161214.1.c7d42e4+selfpack1-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names
bugzilla·2018-01-09·CVSS 9.8
CVE-2017-1000480 [CRITICAL] CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names
CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-1000480
https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
https://github.com/smarty-php/smarty/blob/master/change_log.txt
Discussion:
Created php-Smarty tracking bugs for this issue:
Affects: epel-all [bug 1532493]
Affects: fedora-all [bug 1532494]
---
All dependent bugs have been closed. Can this tracking bug be closed?
---
In reply to comment #2:
> All dependent bugs have been closed. Can this tracking bug be closed?
Yep, cl
Bugzilla
CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
bugzilla·2018-01-09·CVSS 9.8
CVE-2017-1000480 [CRITICAL] CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this is
Bugzilla
CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
bugzilla·2018-01-09·CVSS 9.8
CVE-2017-1000480 [CRITICAL] CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: thi
https://github.com/smarty-php/smarty/blob/master/change_log.txthttps://lists.debian.org/debian-lts-announce/2018/01/msg00023.htmlhttps://lists.debian.org/debian-lts-announce/2018/02/msg00000.htmlhttps://www.debian.org/security/2018/dsa-4094https://github.com/smarty-php/smarty/blob/master/change_log.txthttps://lists.debian.org/debian-lts-announce/2018/01/msg00023.htmlhttps://lists.debian.org/debian-lts-announce/2018/02/msg00000.htmlhttps://www.debian.org/security/2018/dsa-4094
2018-01-03
Published