CVE-2009-1669

EUVD-2009-1664
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
smartysmarty
2.6.22
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gallery2
dapper
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
moodle
dapper
ignored
hardy
Fixed 1.8.2-1ubuntu4.2
released
intrepid
Fixed 1.8.2-1.2ubuntu2.1
released
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
smarty
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
Fixed 2.6.22-1ubuntu1.1
released
karmic
Fixed 2.6.22-1ubuntu2
released
lucid
Fixed 2.6.22-1ubuntu2
released
maverick
Fixed 2.6.22-1ubuntu2
released
natty
Fixed 2.6.22-1ubuntu2
released
oneiric
Fixed 2.6.22-1ubuntu2
released
Common Weakness Enumeration
References
http://osvdb.org/54380
http://secunia.com/advisories/35072
http://secunia.com/advisories/35219
http://www.securityfocus.com/bid/34918
http://www.ubuntu.com/usn/usn-791-3
https://exchange.xforce.ibmcloud.com/vulnerabilities/50457
https://www.exploit-db.com/exploits/8659
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01274.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01283.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01287.html
http://osvdb.org/54380
http://secunia.com/advisories/35072
http://secunia.com/advisories/35219
http://www.securityfocus.com/bid/34918
http://www.ubuntu.com/usn/usn-791-3
https://exchange.xforce.ibmcloud.com/vulnerabilities/50457
https://www.exploit-db.com/exploits/8659
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01274.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01283.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01287.html