34 matches found
CVE-2026-45714
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates, Invoices, Documents, and Contact Forms. The application unsafely evaluates user-supplied input using the...
EUVD-2026-30165
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...
EUVD-2023-0924
Malicious code in bioql PyPI...
EUVD-2022-0423
Malicious code in bioql PyPI...
EUVD-2022-0443
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-35226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could...
UBUNTU-CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...
DEBIAN-CVE-2023-28447
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...
Design/Logic Flaw
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...
PT-2023-21728
Name of the Vulnerable Software and Affected Versions Smarty versions prior to 3.1.48 Smarty versions prior to 4.3.1 Description The issue is related to improper escaping of JavaScript code in the Smarty template engine for PHP. An attacker could exploit this to execute arbitrary JavaScript code ...
Smarty 跨站脚本漏洞
Smarty is a PHP-based template engine that facilitates the separation of representations HTML/CSS from application logic. A security vulnerability exists in Smarty versions prior to 3.1.47, and 4.x versions prior to 4.2.1, which stems from the discovery of a cross-site scripting vulnerability...
Debian DSA-5151-1 : smarty3 - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3,...
CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
DEBIAN-CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
DEBIAN-CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
UBUNTU-CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
UBUNTU-CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
CVE-2021-29454 Sandbox Escape by math function in smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...