CVE-2008-4811 (retired)

Priority
Description
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in
Smarty 2.6.20 r2797 and earlier allows remote attackers to execute
arbitrary PHP code via vectors related to templates and a \ (backslash)
before a dollar-sign character.
Notes
 mdeslaur> moodle and gallery2 have embedded smarty
 mdeslaur> it seems this issue is unfixed as of 2009-04-28
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:45:34 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)