← back
CVE-2009-1669

CVE-2009-1669

EPSS 14.1%
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/8659unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/54380http://secunia.com/advisories/35072http://secunia.com/advisories/35219https://exchange.xforce.ibmcloud.com/vulnerabilities/50457https://www.exploit-db.com/exploits/8659https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01274.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01283.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01287.htmlhttp://www.securityfocus.com/bid/34918http://www.ubuntu.com/usn/usn-791-3