14 matches found
Code Injection
smarty/smarty is vulnerable to code injection. The vulnerability is due to insufficient validation of file names used in the extends-tag. This allows attackers to inject PHP code by choosing a malicious file name for an extends-tag...
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
Impact Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3...
GHSA-4RMG-292M-WG3W Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
Impact Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3...
CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
DEBIAN-CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
UBUNTU-CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...
Smarty 安全漏洞
Smarty is a PHP-based template engine that helps to separate the representation HTML/CSS from the application logic. A security vulnerability exists in Smarty that stems from allowing an attacker to inject PHP code by selecting a malicious filename via extends-tag. Affected products and versions:...
GHSA-2RQ5-699J-X7P6 Arbitrary local file read vulnerability during template rendering
Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags...
swig 路径遍历漏洞
swig is a JavaScript template engine open-sourced by node-swig. A security vulnerability exists in swig swig-templates thru version 2.0.4 and swig thru version 1.4.2, which could allow an attacker to read arbitrary files via the include or extends tags...
PT-2023-20030 · Swig +1 · Swig +1
Name of the Vulnerable Software and Affected Versions: swig-templates versions 2.0.4 and earlier swig versions 1.4.2 and earlier Description: A directory traversal issue allows attackers to read arbitrary files via the include or extends tags. This can be exploited by attackers to access sensitiv...