CVE-2014-8350

Published: Nov 3, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

70708

vdb-entry

x_refsource_BID

[oss-security] 20141023 Re: CVE Request: smarty: secure mode bypass

mailing-list

x_refsource_MLIST

https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902

x_refsource_CONFIRM

http://advisories.mageia.org/MGASA-2014-0468.html

x_refsource_CONFIRM

[oss-security] 20141022 CVE Request: smarty: secure mode bypass

mailing-list

x_refsource_MLIST

MDVSA-2014:221

vendor-advisory

x_refsource_MANDRIVA

smarty-cve20148350-code-exec(97725)

vdb-entry

x_refsource_XF

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-8350

Description

Affected Products

References