GitHub Advisory Database: GHSA-4RMG-292M-WG3W
History: May 29, 2024 - 6:44 p.m.

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag

2024-05-29 18:44:30
CWE-94
GitHub Advisory Database
github.com

CVSS3: 7.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

AI Score: 7
Confidence: High

EPSS: 0
Percentile: 9.0%

Impact

Template authors could inject PHP code by choosing a malicious file name for an extends-tag. Users that cannot fully trust template authors should update as soon as possible.

Patches

Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3.

Affected configurations

Vulners

Node:
smarty smarty, Range 3.0.0 - 4.5.3
OR
smarty smarty, Range 5.0.0 - 5.1.1

Vendor: smarty
Product: smarty
Version: *
CPE: cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*
