USN-5348-3 smarty3 vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

The vulnerability of PHP Smarty template handlers, related to improper code generation, allows attackers to execute arbitrary PHP code.

The vulnerability of PHP Smarty templates is related to improper handling of code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary PHP code using a specially created malicious mathematical string...

USN-5348-1 smarty3 vulnerabilities

David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. CVE-2018-13982 It was discovered that Smarty was incorrectly sanitizing the...

DEBIAN-CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

Design/Logic Flaw

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

PT-2021-6745 · Smarty +2 · Smarty +2

Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.42 and 4.0.2 Description: The issue is related to the incorrect handling of code generation in the Smarty template engine for PHP. This allows template authors to run arbitrary PHP code by crafting a malicious mat...