CVE-2008-1066

Priority
Medium
Description
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by
Serendipity (S9Y) and other products, allows attackers to call arbitrary
PHP functions via templates, related to a '\0' character in a search
string.
References
Bugs
Assigned-to
emgent
Package
Upstream:released (2.2.5-1)
Patches:
Patch:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
Package
Upstream:released (2.6.19)
Patches:
Patch:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
Debdiff:https://bugs.launchpad.net/ubuntu/+source/smarty/+bug/202422
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:32:03 UTC (commit 9756)