CVE-2009-1669 (retired)

Priority
Description
The smarty_function_math function in libs/plugins/function.math.php in
Smarty 2.6.22 allows context-dependent attackers to execute arbitrary
commands via shell metacharacters in the equation attribute of the math
function. NOTE: some of these details are obtained from third party
information.
Notes
 mdeslaur> may be a PoC here: http://www.milw0rm.com/exploits/8659
 mdeslaur> Debian says: TODO: check. It should be windows specific.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needed
More Information

Updated: 2019-03-26 11:47:56 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)