NuytsTech Security

CVE-2008-1066

by ·

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a ‘’ character in a search string.

Date published : 2008-02-28

http://www.securityfocus.com/bid/28105

http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html

Tags: