Input validation error in Smarty

#VU30595 Input validation error in Smarty

Published: 2019-11-20 | Updated: 2020-07-17

Vulnerability identifier: #VU30595

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-1028

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Smarty
Web applications / CMS

Vendor: smarty.php.net

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Smarty: 3.0.0 - 3.0.6

External links
http://access.redhat.com/security/cve/cve-2011-1028
http://seclists.org/oss-sec/2011/q1/313
http://security-tracker.debian.org/tracker/CVE-2011-1028

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Input validation error in smarty.php.net Smarty