Permissions, Privileges, and Access Controls in Smarty - CVE-2010-4723

 


Published: February 3, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45384
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2010-4723
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: smarty.php.net
Affected software: Smarty

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.


How to mitigate CVE-2010-4723

Install the update from the vendor's website.

Sources