PT-2026-50772

Name of the Vulnerable Software and Affected Versions JTL Shop versions 5.2.0 through 5.7.1 Description Unauthenticated attackers can inject malicious template syntax because unsanitized user-supplied input is passed to the Smarty template engine, a tool used to generate dynamic web content. This...

CVE-2026-45714

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

EUVD-2026-30176

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...

EUVD-2026-30165

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

CVE-2026-44377

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

tecno_xss_hotfix

tecnoxsshotfix Security hotfix module for PrestaShop — patc...

EUVD-2008-4789

Malware in sbrugna...

EUVD-2022-0443

Malicious code in bioql PyPI...

EUVD-2023-0924

Malicious code in bioql PyPI...

EUVD-2022-0423

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-35226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could...

CVE-2021-26119

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.templateobject can be accessed in sandbox mode...

USN-7377-1 smarty vulnerability

It was discovered that Smarty did not properly sanitize template file names. An attacker could possibly use this issue to cause Smarty to crash, resulting in a denial of service, or possibly execute arbitrary code...

UBUNTU-CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template...

Gambio Code Issue Vulnerability

Gambio is an all-in-one e-commerce solution from Gambio, Inc. A code issue vulnerability exists in Gambio 4.9.2.0 and prior versions that stems from allowing an attacker to run arbitrary code via a crafted smarty email template...

Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...

DEBIAN-CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

Design/Logic Flaw

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

PT-2023-21728

Name of the Vulnerable Software and Affected Versions Smarty versions prior to 3.1.48 Smarty versions prior to 4.3.1 Description The issue is related to improper escaping of JavaScript code in the Smarty template engine for PHP. An attacker could exploit this to execute arbitrary JavaScript code ...