A bug in the smarty version contained in moodle could be exploited by attackers to execute arbitrary php code (CVE-2008-1066).

The remote host is affected by the vulnerability described in GLSA-201006-13 (Smarty: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Smarty:
    The vendor reported that the modifier.regex_replace.php plug-in     contains an input sanitation flaw related to the ASCII NUL character     (CVE-2008-1066).
    The vendor reported that the
    _expand_quoted_text() function in libs/Smarty_Compiler.class.php     contains an input sanitation flaw via multiple vectors (CVE-2008-4810,     CVE-2008-4811).
    Nine:Situations:Group::bookoo reported that     the smarty_function_math() function in libs/plugins/function.math.php     contains input sanitation flaw (CVE-2009-1669).
  Impact :

    These issues might allow a remote attacker to execute arbitrary PHP     code.
  Workaround :

    There is no known workaround at this time.

リモートホストは、GLSA-201006-13 で説明されている脆弱性の影響を受けます（Smarty：複数の脆弱性）

Smarty で複数の脆弱性が発見されました：
 ベンダーは、modifier.regex_replace.php プラグインには、ASCII NUL 文字に関連する入力サニタイズの欠陥があると報告しました（CVE-2008-1066）。
 ベンダーは、libs/Smarty_Compiler.class.php の
 _expand_quoted_text() 関数に、複数のベクトルを通じた入力サニタイズの欠陥があると報告しました（CVE-2008-4810、CVE-2008-4811）。
 Nine:Situations:Group::bookoo は、libs/plugins/function.math.php の smarty_function_math() 関数に入力サニタイズの欠陥があると報告しました（CVE-2009-1669）。
 影響：

これらの問題によって、リモートの攻撃者が任意の PHP コードを実行する可能性があります。
 回避策：

現時点で、既知の回避策はありません。

リモートホストは GLSA-201111-04 で説明されている脆弱性による影響を受けます（phpDocumentor：関数呼び出しインジェクション）

    phpDocumentor には、modifier.regex_replace.php プラグインを含む Smarty がバンドルされていますが、プラグインは検索文字列の ASCII NUL 文字に関連する入力を適切にサニタイズしません。
  影響：

    リモートの攻撃者が、テンプレートを介して任意の PHP 関数を呼び出す可能性があります。
  回避策：

    現時点では、既知の回避策はありません。

遠端主機受到 GLSA-201111-04 中所述的弱點影響 (phpDocumentor：函式呼叫插入)

    phpDocumentor 將 Smarty 與 modifier.regex_replace.php 外掛程式搭售，其未正確清理搜尋字串中有關 ASCII NUL 字元的輸入。
  影響：

    遠端攻擊者可透過範本呼叫任意 PHP 函式。
  因應措施：

    目前尚無已知的因應措施。

远程主机受到 GLSA-201111-04 中所述漏洞的影响 (phpDocumentor：函数调用注入)

    phpDocumentor 将 Smarty 与 modifier.regex_replace.php 插件搭售，其未正确审查搜索字符串中有关 ASCII 空字符的输入。
  影响：

    远程攻击者可通过模板调用任意 PHP 函数。
  变通方案：

    目前无任何已知的变通方案。

The remote host is affected by the vulnerability described in GLSA-201111-04 (phpDocumentor: Function call injection)

    phpDocumentor bundles Smarty with the modifier.regex_replace.php plug-in       which does not properly sanitize input related to the ASCII NUL character       in a search string.
  Impact :

    A remote attacker could call arbitrary PHP functions via templates.
  Workaround :

    There is no known workaround at this time.

Use system Smarty, instead of packaging our own.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Thu Mar 20 2008 John Berninger <john at ncphotography     dot com> - 2.2.4-3

    - revert to SVN snapshot so that config-time integrity       checks don't fail

    - remove embedded copy of smarty and use php-Smarty       package

    - Sat Dec 29 2007 John Berninger <john at ncphotography       dot com) - 2.2.4-2

    - BZ 279961 - allow FileInfo

    - Mon Dec 24 2007 Lubomir Kundrak <lkundrak at       redhat.com> 2.2.4-1

    - A christmas present -- critical security update to       2.2.4

    - Fri Aug 31 2007 John Berninger <john at ncphotography       dot com> - 2.2-0.7.svn20070831

    - update to 2.2.3 SVN snapshot to fix security vuln's -       bz 267421

    - Tue Jun 5 2007 John Berninger <johnw at       berningeronline dot net> - 2.2-0.6.svn20070506

    - Fix escaping syntax problem in post scriptlet

    - Tue May 15 2007 John Berninger <johnw at       berningeronline dot net> - 2.2-0.5.svn20070506

    - README file update and new build

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Thu Mar 20 2008 John Berninger <john at ncphotography     dot com> - 2.2.4-3

    - revert to SVN snapshot so that config-time integrity       checks don't fail

    - remove embedded copy of smarty and use php-Smarty       package

    - Sat Dec 29 2007 John Berninger <john at ncphotography       dot com) - 2.2.4-2

    - BZ 279961 - allow FileInfo

    - Mon Dec 24 2007 Lubomir Kundrak <lkundrak at       redhat.com> 2.2.4-1

    - A christmas present -- critical security update to       2.2.4

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.

ID	名稱	產品	系列	已發布	已更新	嚴重性
31637	openSUSE 10 Security Update : moodle (moodle-5109)	Nessus	SuSE Local Security Checks	2008/3/21	2021/1/14	high
46793	GLSA-201006-13 : Smarty: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	2010/6/3	2021/1/6	critical
46793	GLSA-201006-13：Smarty：複数の脆弱性	Nessus	Gentoo Local Security Checks	2010/6/3	2021/1/6	critical
56808	GLSA-201111-04：phpDocumentor：関数呼び出しインジェクション	Nessus	Gentoo Local Security Checks	2011/11/14	2021/1/6	high
56808	GLSA-201111-04 : phpDocumentor：函式呼叫插入	Nessus	Gentoo Local Security Checks	2011/11/14	2021/1/6	high
56808	GLSA-201111-04 : phpDocumentor：函数调用注入	Nessus	Gentoo Local Security Checks	2011/11/14	2021/1/6	high
56808	GLSA-201111-04 : phpDocumentor: Function call injection	Nessus	Gentoo Local Security Checks	2011/11/14	2021/1/6	high
31688	Fedora 8 : php-pear-PhpDocumentor-1.4.1-2.fc8 (2008-2656)	Nessus	Fedora Local Security Checks	2008/3/28	2021/1/11	high
31970	Fedora 7 : gallery2-2.2.4-3.fc7 (2008-2587)	Nessus	Fedora Local Security Checks	2008/4/18	2021/1/11	high
31971	Fedora 8 : gallery2-2.2.4-3.fc8 (2008-2650)	Nessus	Fedora Local Security Checks	2008/4/18	2021/1/11	high
31591	Debian DSA-1520-1 : smarty - insufficient input sanitising	Nessus	Debian Local Security Checks	2008/3/17	2021/1/4	high

偵測

搜尋 Plugin

high

critical

critical

high

high

high

high

high

high

high

high