Lucene search
+L

5 matches found

osv
osv
added 2022/04/22 12:24 a.m.15 views

GHSA-6FRX-2R5W-C524 Smarty3 Arbitrary PHP Code Execution

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smartyinternalcompileprivatespecialvariable.php file...

9.8CVSS9.7AI score0.01613EPSS
Exploits0References7
github
github
added 2022/04/22 12:24 a.m.28 views

Smarty3 Arbitrary PHP Code Execution

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smartyinternalcompileprivatespecialvariable.php file...

9.8CVSS7.9AI score0.01613EPSS
Exploits0References7Affected Software1
debian
debian
added 2021/04/16 7:54 a.m.140 views

[SECURITY] [DLA 2618-2] smarty3 regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2618-2 [email protected] https://www.debian.org/lts/security/ Abhijith PA April 16, 2021 https://wiki.debian.org/LTS -...

9.8CVSS7.8AI score0.82316EPSS
Exploits3
nvd
nvd
added 2019/11/20 3:15 p.m.24 views

CVE-2011-1028

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smartyinternalcompileprivatespecialvariable.php file...

9.8CVSS9.8AI score0.01613EPSS
Exploits0References3
cvelist
cvelist
added 2011/09/23 11:0 p.m.20 views

CVE-2011-3758

::mound:: 2.1.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smartyinternaltemplate.php and certain other files...

6.1AI score0.01229EPSS
Exploits0References3
Rows per page
Query Builder