Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag

2024-05-2918:44:30

Google

osv.dev

smarty

php

code injection

malicious attribute

extends-tag

update

template author

vulnerability

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Impact

Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap.

Patches

Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3.

CPENameOperatorVersion
smarty/smartyeq3.1.30
smarty/smartyeq4.3.5
smarty/smartyeq3.1.33
smarty/smartyeq3.1.39
smarty/smartyeq3.1.37.1
smarty/smartyeq4.4.1
smarty/smartyeq3.1.15
smarty/smartyeq4.5.2
smarty/smartyeq3.1.45
smarty/smartyeq5.0.0

Name	Operator	Version
smarty/smarty	eq	3.1.30
smarty/smarty	eq	4.3.5
smarty/smarty	eq	3.1.33
smarty/smarty	eq	3.1.39
smarty/smarty	eq	3.1.37.1
smarty/smarty	eq	4.4.1
smarty/smarty	eq	3.1.15
smarty/smarty	eq	4.5.2
smarty/smarty	eq	3.1.45
smarty/smarty	eq	5.0.0