Remote Code Execution (RCE)

Smarty is vulnerable to remote code execution. The library does not properly handle the illegal function names in function name='blah'/function, allowing a malicious user to inject and execute arbitrary commands...