EUVD-2026-30165

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection SSTI vulnerability exists in multiple modules of CubeCart including Email Templates and Documents. The application unsafely evaluates user-supplied input directly through the Smarty templat...

EUVD-2023-0924

Malicious code in bioql PyPI...

EUVD-2022-0443

Malicious code in bioql PyPI...

EUVD-2022-0423

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-35226

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could...

Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6012-1 advisory. It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue...

Design/Logic Flaw

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

PT-2023-21728

Name of the Vulnerable Software and Affected Versions Smarty versions prior to 3.1.48 Smarty versions prior to 4.3.1 Description The issue is related to improper escaping of JavaScript code in the Smarty template engine for PHP. An attacker could exploit this to execute arbitrary JavaScript code ...

Smarty 跨站脚本漏洞

Smarty is a PHP-based template engine that facilitates the separation of representations HTML/CSS from application logic. A security vulnerability exists in Smarty versions prior to 3.1.47, and 4.x versions prior to 4.2.1, which stems from the discovery of a cross-site scripting vulnerability...

Debian DSA-5151-1 : smarty3 - security update

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5151 advisory. - Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3,...

CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

DEBIAN-CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

UBUNTU-CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

UBUNTU-CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

CVE-2021-29454 Sandbox Escape by math function in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

PT-2022-9201 · Smarty +2 · Smarty +2

Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.43 Smarty versions prior to 4.0.3 Description: Smarty is a template engine for PHP that facilitates the separation of presentation from application logic. Template authors could run restricted static php methods...

Simon Wisselink Smarty 代码注入漏洞

The Smart template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart Template Engine, which allows an attacker to write to a cache file via the...

PT-2021-6791 · Smarty +2 · Smarty +2

Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.39 Description: The issue is related to incorrect code generation handling when processing invalid function names in the Smarty template engine for PHP. This can allow a remote attacker to execute arbitrary code...

Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection

More info at https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html...