Lucene search
+L

19 matches found

nessus
nessus
added 2024/11/14 12:0 a.m.13 views

Fedora 37 : php-Smarty (2022-d5fc9dcdd7)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d5fc9dcdd7 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...

9.8CVSS7.5AI score0.82316EPSS
Exploits3References6
nessus
nessus
added 2023/12/12 12:0 a.m.43 views

Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)

The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6550-1 advisory. It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generatin...

8.8CVSS7AI score0.04923EPSS
Exploits2References4
ubuntu
ubuntu
added 2023/04/13 7:16 a.m.90 views

USN-6012-1: Smarty vulnerability

It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. CVE-2022-29221...

8.8CVSS7AI score0.0454EPSS
Exploits1
nessus
nessus
added 2023/04/13 12:0 a.m.33 views

Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...

8.8CVSS7AI score0.0454EPSS
Exploits1References2
openvas
openvas
added 2023/04/13 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-6012-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.0454EPSS
Exploits1References2
openvas
openvas
added 2022/11/11 12:0 a.m.27 views

Fedora: Security Advisory for php-Smarty (FEDORA-2022-d5fc9dcdd7)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.2AI score0.82316EPSS
Exploits3References2
openvas
openvas
added 2022/06/14 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2022-0226)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.0454EPSS
Exploits1References6
mageia
mageia
added 2022/06/13 8:44 p.m.51 views

Updated php-smarty packages fix security vulnerability

Template authors could inject php code by choosing a malicious block name or include file name. CVE-2022-29221...

8.8CVSS2.7AI score0.0454EPSS
Exploits1References4
openvas
openvas
added 2022/06/01 12:0 a.m.24 views

Debian: Security Advisory (DLA-3033-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.0454EPSS
Exploits1References4
nessus
nessus
added 2022/05/31 12:0 a.m.43 views

Debian DSA-5151-1 : smarty3 - security update

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3,...

9.8CVSS7AI score0.82316EPSS
Exploits3References15
openvas
openvas
added 2022/05/31 12:0 a.m.28 views

Debian: Security Advisory (DSA-5151-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.0454EPSS
Exploits1References4
nessus
nessus
added 2022/05/31 12:0 a.m.37 views

Debian DLA-3033-1 : smarty3 - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-3033 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors cou...

8.8CVSS6.6AI score0.0454EPSS
Exploits1References6
debian
debian
added 2022/05/29 3:1 p.m.80 views

[SECURITY] [DLA 3033-1] smarty3 security update

Debian LTS Advisory DLA-3033-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 29, 2022 https://wiki.debian.org/LTS Package : smarty3 Version : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6 CVE ID : CVE-2022-29221 Debian Bug : 1011758 Smarty3 is a template engi...

8.8CVSS6.5AI score0.0454EPSS
Exploits1
githubexploit
githubexploit
added 2022/05/25 6:2 a.m.673 views

Exploit for Code Injection in Smarty

CVE-2022-29221-PoC This is a very basic Smarty sceleton app wi...

8.8CVSS8.1AI score0.0454EPSS
Exploits1
ubuntucve
ubuntucve
added 2022/05/24 3:15 p.m.23 views

CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

8.8CVSS6.6AI score0.0454EPSS
Exploits1References9
vulnrichment
vulnrichment
added 2022/05/24 12:0 a.m.5 views

CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

8.8CVSS8.7AI score0.0454EPSS
Exploits1References9
osv
osv
added 2022/05/24 12:0 a.m.32 views

CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

8.8CVSS6.7AI score0.0454EPSS
Exploits1References11
cve
cve
added 2022/05/24 12:0 a.m.184 views

CVE-2022-29221

CVE-2022-29221 affects the Smarty PHP template engine. Before versions 3.1.45 and 4.1.1, template authors could inject PHP code by using a malicious {block} name or {include} file name. This could allow code execution in untrusted templates. Affected users should upgrade to Smarty 3.1.45 or 4.1.1...

8.8CVSS8AI score0.0454EPSS
Exploits1References9Affected Software1
cvelist
cvelist
added 2022/05/24 12:0 a.m.37 views

CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

8.8CVSS8.8AI score0.0454EPSS
Exploits1References9
Rows per page
Query Builder