Mandriva Linux Security Advisory : php-smarty (MDVSA-2009:052)
High Nessus Plugin ID 37766
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been identified and corrected in php-smarty :
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka php executed in templates
SolutionUpdate the affected php-smarty and / or php-smarty-manual packages.