Filtered by vendor Smarty
Subscribe
Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-25047 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2023-03-03 | N/A | 5.4 MEDIUM |
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. | |||||
CVE-2022-29221 | 3 Debian, Fedoraproject, Smarty | 3 Debian Linux, Fedora, Smarty | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. | |||||
CVE-2021-21408 | 3 Debian, Fedoraproject, Smarty | 3 Debian Linux, Fedora, Smarty | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. | |||||
CVE-2021-29454 | 3 Debian, Fedoraproject, Smarty | 3 Debian Linux, Fedora, Smarty | 2022-12-08 | 6.5 MEDIUM | 8.8 HIGH |
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. | |||||
CVE-2021-26119 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2022-10-14 | 5.0 MEDIUM | 7.5 HIGH |
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | |||||
CVE-2021-26120 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2022-10-14 | 7.5 HIGH | 9.8 CRITICAL |
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | |||||
CVE-2018-13982 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. | |||||
CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | |||||
CVE-2018-16831 | 1 Smarty | 1 Smarty | 2018-11-16 | 7.1 HIGH | 5.9 MEDIUM |
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | |||||
CVE-2017-1000480 | 1 Smarty | 1 Smarty | 2018-02-03 | 7.5 HIGH | 9.8 CRITICAL |
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | |||||
CVE-2009-1669 | 1 Smarty | 1 Smarty | 2017-09-28 | 10.0 HIGH | N/A |
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information. | |||||
CVE-2014-8350 | 1 Smarty | 1 Smarty | 2017-09-07 | 7.5 HIGH | N/A |
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. | |||||
CVE-2008-4810 | 1 Smarty | 1 Smarty | 2017-08-07 | 7.5 HIGH | N/A |
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions. | |||||
CVE-2008-4811 | 1 Smarty | 1 Smarty | 2017-08-07 | 7.5 HIGH | N/A |
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character. | |||||
CVE-2008-1066 | 1 Smarty | 1 Smarty | 2017-08-07 | 7.5 HIGH | N/A |
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string. | |||||
CVE-2006-7193 | 1 Smarty | 1 Smarty | 2017-07-28 | 7.5 HIGH | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant. | |||||
CVE-2006-7105 | 1 Smarty | 1 Smarty | 2017-07-28 | 7.5 HIGH | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect. | |||||
CVE-2005-0913 | 1 Smarty | 1 Smarty | 2017-07-10 | 7.5 HIGH | N/A |
Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code. | |||||
CVE-2012-4437 | 1 Smarty | 1 Smarty | 2015-11-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception. | |||||
CVE-2012-4277 | 1 Smarty | 1 Smarty | 2012-08-13 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |