5 matches found
CVE-2015-7809
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...
CVE-2015-7809
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...
CVE-2015-7809
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...
CVE-2015-7809
Removed by vendor...
FreeBSD : pear-twig -- remote code execution (705b759c-7293-11e5-a371-14dae9d210b8)
Fabien Potencier reports : End users can craft valid Twig code that allows them to execute arbitrary code RCEs via the self variable, which is always available, even in sandboxed templates. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...