SDLLMFuzz: Dynamic-Static LLM-Assisted Greybox Fuzzing for Structured Input Programs

Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on mutation-based strategies and coarse-grained coverage feedbac...

GHSA-4H9C-V5VG-5M6M Access to restricted PHP code by dynamic static class access in smarty

Impact Template authors could run restricted static php methods. Patches Please upgrade to 3.1.40 or higher. References See the documentation on Smarty security features on the staticclasses access filter. For more information If you have any questions or comments about this advisory please open ...

Improper Input Validation

smarty/smarty is vulnerable to improper input validation. The vulnerability exists in smartyinternaltemplateparser.php because the security settings are not properly defined which allows an attacker to the restricted code through dynamic static class...

CVE-2021-21408 Access to restricted PHP code by dynamic static class access in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...