Debian Linux Security Advisory 5151-1 - Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP code as well.
00378c9d45f203438ba46e8abbade7d4910a9331f6e4759dd22f7f3cc948f369Ubuntu Security Notice 5348-1 - David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template.
0772a4f586431a77ce7e420bfb608884c2576b38b6bef725c3a3b511a53168bdGentoo Linux Security Advisory 202105-6 - Multiple vulnerabilities in the Smarty template engine might allow remote attackers to execute arbitrary PHP code. Versions less than 3.1.39 are affected.
016e3373f4b3519b2e2fccdccb1527d72fcec6537924c2f7bbec5d50b5b2a236
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed