VYPR
Get started
← All advisories
Moderate severityNVD Advisory· Published Feb 3, 2011· Updated Apr 29, 2026

CVE-2009-5054

CVE-2009-5054

Description

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
smarty/smartyPackagist
< 3.0.0-beta43.0.0-beta4

Affected products

61
  • Smarty/Smarty61 versions
    cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*+ 60 more
    • cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*range: <=2.6.26
    • cpe:2.3:a:smarty:smarty:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.0a:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.0b:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.0:b1:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.0:b2:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.5.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.5.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.16:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.17:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.18:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.20:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.22:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.24:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.25:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:smarty:smarty:2.6.9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.