Vulnerability identifier: #VU45382
Vulnerability risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Smarty
Web applications /
CMS
Vendor: smarty.php.net
Description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Smarty: 1.0 - 1.0a, 1.1.0, 1.2.0 - 1.2.2, 1.3.0 - 1.3.2, 1.4.0 - 1.4.6, 1.5.0 - 1.5.2, 2.0.0 - 2.0.1, 2.1.0 - 2.1.1, 2.2.0, 2.3.0 - 2.3.1, 2.4.0 - 2.4.2, 2.5.0, 2.6.0 - 2.6.25
External links
http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.