19 matches found
Fedora 37 : php-Smarty (2022-d5fc9dcdd7)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d5fc9dcdd7 advisory. 3.1.47 - 2022-09-14 Security - Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks 454 Fixed - Fixed use ...
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)
The remote Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6550-1 advisory. It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generatin...
USN-6012-1: Smarty vulnerability
It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code. CVE-2022-29221...
Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...
Ubuntu: Security Advisory (USN-6012-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for php-Smarty (FEDORA-2022-d5fc9dcdd7)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Mageia: Security Advisory (MGASA-2022-0226)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated php-smarty packages fix security vulnerability
Template authors could inject php code by choosing a malicious block name or include file name. CVE-2022-29221...
Debian: Security Advisory (DLA-3033-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5151-1 : smarty3 - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3,...
Debian: Security Advisory (DSA-5151-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-3033-1 : smarty3 - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-3033 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors cou...
[SECURITY] [DLA 3033-1] smarty3 security update
Debian LTS Advisory DLA-3033-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 29, 2022 https://wiki.debian.org/LTS Package : smarty3 Version : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6 CVE ID : CVE-2022-29221 Debian Bug : 1011758 Smarty3 is a template engi...
Exploit for Code Injection in Smarty
CVE-2022-29221-PoC This is a very basic Smarty sceleton app wi...
CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
CVE-2022-29221
CVE-2022-29221 affects the Smarty PHP template engine. Before versions 3.1.45 and 4.1.1, template authors could inject PHP code by using a malicious {block} name or {include} file name. This could allow code execution in untrusted templates. Affected users should upgrade to Smarty 3.1.45 or 4.1.1...
CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...