Debian Linux Security Advisory 5151-1 - Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static PHP methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user-provided data to the math function, remote users were able to run arbitrary PHP code as well.
00378c9d45f203438ba46e8abbade7d4910a9331f6e4759dd22f7f3cc948f369
Ubuntu Security Notice 5348-1 - David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this to read arbitrary files when controlling the executed template.
0772a4f586431a77ce7e420bfb608884c2576b38b6bef725c3a3b511a53168bd
Gentoo Linux Security Advisory 202105-6 - Multiple vulnerabilities in the Smarty template engine might allow remote attackers to execute arbitrary PHP code. Versions less than 3.1.39 are affected.
016e3373f4b3519b2e2fccdccb1527d72fcec6537924c2f7bbec5d50b5b2a236