Showing 1 - 3 of 3

CVE-2021-29454

Status Candidate

Overview

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.

Related Files

Gentoo Linux Security Advisory 202209-09: Posted Sep 26, 2022; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202209-9 - Multiple vulnerabilities have been found in Smarty, the worst of which could result in remote code execution. Versions less than 4.2.1 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2018-25047, CVE-2021-21408, CVE-2021-29454, CVE-2022-29221; SHA-256 | 8a9753a3318c6302ef6528cd85e6f858a3e8e25c2174e9c1bdaf58ea02e08e97; Download | Favorite | View

Debian Security Advisory 5151-1: Posted May 28, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5151-1 - Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP code as well.; tags | advisory, remote, arbitrary, php, vulnerability; systems | linux, debian; advisories | CVE-2021-21408, CVE-2021-26119, CVE-2021-26120, CVE-2021-29454, CVE-2022-29221; SHA-256 | 00378c9d45f203438ba46e8abbade7d4910a9331f6e4759dd22f7f3cc948f369; Download | Favorite | View

Ubuntu Security Notice USN-5348-1: Posted Mar 28, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5348-1 - David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. It was discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template.; tags | advisory, arbitrary; systems | linux, ubuntu; advisories | CVE-2018-13982, CVE-2018-16831, CVE-2021-21408, CVE-2021-26119, CVE-2021-26120, CVE-2021-29454; SHA-256 | 0772a4f586431a77ce7e420bfb608884c2576b38b6bef725c3a3b511a53168bd; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 67 files
Debian 24 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,011)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,194)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,437)
UNIX (9,390)
UnixWare (187)
Windows (6,649)
Other

CVE-2021-29454

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems