The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a (backslash) before a dollar-sign character.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Smarty | Smarty | * | 2.6.20 (including) |
| Smarty | Smarty | 1.0 (including) | 1.0 (including) |
| Smarty | Smarty | 1.0a (including) | 1.0a (including) |
| Smarty | Smarty | 1.0b (including) | 1.0b (including) |
| Smarty | Smarty | 1.1.0 (including) | 1.1.0 (including) |
| Smarty | Smarty | 1.2.0 (including) | 1.2.0 (including) |
| Smarty | Smarty | 1.2.1 (including) | 1.2.1 (including) |
| Smarty | Smarty | 1.2.2 (including) | 1.2.2 (including) |
| Smarty | Smarty | 1.3.0 (including) | 1.3.0 (including) |
| Smarty | Smarty | 1.3.1 (including) | 1.3.1 (including) |
| Smarty | Smarty | 1.3.2 (including) | 1.3.2 (including) |
| Smarty | Smarty | 1.4.0 (including) | 1.4.0 (including) |
| Smarty | Smarty | 1.4.0-b1 (including) | 1.4.0-b1 (including) |
| Smarty | Smarty | 1.4.0-b2 (including) | 1.4.0-b2 (including) |
| Smarty | Smarty | 1.4.1 (including) | 1.4.1 (including) |
| Smarty | Smarty | 1.4.2 (including) | 1.4.2 (including) |
| Smarty | Smarty | 1.4.3 (including) | 1.4.3 (including) |
| Smarty | Smarty | 1.4.4 (including) | 1.4.4 (including) |
| Smarty | Smarty | 1.4.5 (including) | 1.4.5 (including) |
| Smarty | Smarty | 1.4.6 (including) | 1.4.6 (including) |
| Smarty | Smarty | 1.5.0 (including) | 1.5.0 (including) |
| Smarty | Smarty | 1.5.1 (including) | 1.5.1 (including) |
| Smarty | Smarty | 1.5.2 (including) | 1.5.2 (including) |
| Smarty | Smarty | 2.0.0 (including) | 2.0.0 (including) |
| Smarty | Smarty | 2.0.1 (including) | 2.0.1 (including) |
| Smarty | Smarty | 2.1.0 (including) | 2.1.0 (including) |
| Smarty | Smarty | 2.1.1 (including) | 2.1.1 (including) |
| Smarty | Smarty | 2.2.0 (including) | 2.2.0 (including) |
| Smarty | Smarty | 2.3.0 (including) | 2.3.0 (including) |
| Smarty | Smarty | 2.3.1 (including) | 2.3.1 (including) |
| Smarty | Smarty | 2.4.0 (including) | 2.4.0 (including) |
| Smarty | Smarty | 2.4.1 (including) | 2.4.1 (including) |
| Smarty | Smarty | 2.4.2 (including) | 2.4.2 (including) |
| Smarty | Smarty | 2.5.0 (including) | 2.5.0 (including) |
| Smarty | Smarty | 2.5.0-rc1 (including) | 2.5.0-rc1 (including) |
| Smarty | Smarty | 2.5.0-rc2 (including) | 2.5.0-rc2 (including) |
| Smarty | Smarty | 2.6.0 (including) | 2.6.0 (including) |
| Smarty | Smarty | 2.6.0-rc1 (including) | 2.6.0-rc1 (including) |
| Smarty | Smarty | 2.6.0-rc2 (including) | 2.6.0-rc2 (including) |
| Smarty | Smarty | 2.6.0-rc3 (including) | 2.6.0-rc3 (including) |
| Smarty | Smarty | 2.6.1 (including) | 2.6.1 (including) |
| Smarty | Smarty | 2.6.2 (including) | 2.6.2 (including) |
| Smarty | Smarty | 2.6.3 (including) | 2.6.3 (including) |
| Smarty | Smarty | 2.6.4 (including) | 2.6.4 (including) |
| Smarty | Smarty | 2.6.5 (including) | 2.6.5 (including) |
| Smarty | Smarty | 2.6.6 (including) | 2.6.6 (including) |
| Smarty | Smarty | 2.6.7 (including) | 2.6.7 (including) |
| Smarty | Smarty | 2.6.9 (including) | 2.6.9 (including) |
| Smarty | Smarty | 2.6.10 (including) | 2.6.10 (including) |
| Smarty | Smarty | 2.6.11 (including) | 2.6.11 (including) |
| Smarty | Smarty | 2.6.12 (including) | 2.6.12 (including) |
| Smarty | Smarty | 2.6.13 (including) | 2.6.13 (including) |
| Smarty | Smarty | 2.6.14 (including) | 2.6.14 (including) |
| Smarty | Smarty | 2.6.15 (including) | 2.6.15 (including) |
| Smarty | Smarty | 2.6.16 (including) | 2.6.16 (including) |
| Smarty | Smarty | 2.6.17 (including) | 2.6.17 (including) |
| Smarty | Smarty | 2.6.18 (including) | 2.6.18 (including) |
| Gallery2 | Ubuntu | dapper | * |
| Gallery2 | Ubuntu | hardy | * |
| Moodle | Ubuntu | dapper | * |
| Moodle | Ubuntu | hardy | * |
| Moodle | Ubuntu | intrepid | * |
| Smarty | Ubuntu | dapper | * |
| Smarty | Ubuntu | gutsy | * |
| Smarty | Ubuntu | hardy | * |
| Smarty | Ubuntu | intrepid | * |