CVE-2020-10375

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords in the second column. NOTE: this is unrelated to the popular Smarty template engine product.

Published: Feb 5, 2021
Updated: Apr 13, 2023
CVE: CVE-2020-10375
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-326

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
newmediacompany / smarty	-	9.10

https://www.smarty-online.de
https://www.x41-dsec.de/lab/advisories/x41-2020-005-smarty/

Vulnerability Database

290,020

CVE-2020-10375