CVE-2008-7034

PHPEcho CMS 2.0 rc3 - Remote Code Execution via Smarty Template Compile Path Manipulation

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.

References (4)

Core 4
Core References
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2008-02/0401.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51018
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27960
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40792

Scores

EPSS 0.0151
EPSS Percentile 71.4%

Details

CWE
CWE-94
Status published
Products (1)
tigran_abrahamyan/phpecho_cms 2.0 rc3
Published Aug 24, 2009
Tracked Since Feb 18, 2026