VulnerableCode Vulnerability Details - VCID-rr48-d56n-hugj

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-rr48-d56n-hugj

Essentials
Severities (14)
References (13)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rr48-d56n-hugj
Aliases	CVE-2014-8350 GHSA-2pmx-6mm6-6v72
Summary	Secure mode bypass Script language="php" HTML tags are interpreted even in secure mode. This may allow a remote attacker to bypass secure mode's intended restrictions and execute arbitrary PHP code.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-94	Improper Control of Generation of Code ('Code Injection')

System	Score	Found at
generic_textual	HIGH	http://advisories.mageia.org/MGASA-2014-0468.html
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2014-8350
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2014-8350
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2014-8350
epss	0.00473	https://api.first.org/data/v1/epss?cve=CVE-2014-8350
generic_textual	HIGH	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920
generic_textual	HIGH	https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902
generic_textual	HIGH	http://seclists.org/oss-sec/2014/q4/420
generic_textual	HIGH	http://seclists.org/oss-sec/2014/q4/421
generic_textual	HIGH	https://exchange.xforce.ibmcloud.com/vulnerabilities/97725
generic_textual	HIGH	https://github.com/smarty-php/smarty
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2014-8350
generic_textual	HIGH	http://www.mandriva.com/security/advisories?name=MDVSA-2014:221
generic_textual	HIGH	http://www.securityfocus.com/bid/70708

Reference id	Reference type	URL
		http://advisories.mageia.org/MGASA-2014-0468.html
		http://osvdb.org/show/osvdb/113683
		https://api.first.org/data/v1/epss?cve=CVE-2014-8350
		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920
		https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8350
		http://seclists.org/oss-sec/2014/q4/420
		http://seclists.org/oss-sec/2014/q4/421
		https://exchange.xforce.ibmcloud.com/vulnerabilities/97725
		https://github.com/smarty-php/smarty
		https://nvd.nist.gov/vuln/detail/CVE-2014-8350
		http://www.mandriva.com/security/advisories?name=MDVSA-2014:221
		http://www.securityfocus.com/bid/70708

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.65058
EPSS Score	0.00473
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:36:18.790781+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/smarty/smarty/CVE-2014-8350.yml	38.6.0