792 matches found

UbuntuCve
added 2022/05/24 3:15 p.m., 22 views

CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

CVSS 8.8 | AI score 6.6 | EPSS 0.0454
Exploits 1 | References 9

OSV
added 2022/05/24 3:15 p.m., 2 views

UBUNTU-CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

CVSS 8.8 | AI score 6.7 | EPSS 0.0454
Exploits 1 | References 10

Debian CVE
added 2022/05/24 12:0 a.m., 37 views

CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

CVSS 8.8 | AI score 6.1 | EPSS 0.0454
Exploits 1

CVE
added 2022/05/24 12:0 a.m., 181 views

CVE-2022-29221

CVE-2022-29221 affects the Smarty PHP template engine. Before versions 3.1.45 and 4.1.1, template authors could inject PHP code by using a malicious {block} name or {include} file name. This could allow code execution in untrusted templates. Affected users should upgrade to Smarty 3.1.45 or 4.1.1...

CVSS 8.8 | AI score 8 | EPSS 0.0454
Exploits 1 | References 9 | Affected software 1

Vulnrichment
added 2022/05/24 12:0 a.m., 5 views

CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

CVSS 8.8 | AI score 8.7 | EPSS 0.0454
Exploits 1 | References 9

Cvelist
added 2022/05/24 12:0 a.m., 29 views

CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

CVSS 8.8 | AI score 8.8 | EPSS 0.0454
Exploits 1 | References 9

OSV
added 2022/05/24 12:0 a.m., 31 views

CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...

CVSS 8.8 | AI score 6.7 | EPSS 0.0454
Exploits 1 | References 11

OSV
added 2022/05/17 5:45 a.m., 14 views

GHSA-JHM7-38XJ-PVM8 Cobbler is vulnerable to code injection

templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...

CVSS 8.5 | AI score 6.8 | EPSS 0.03327
Exploits 0 | References 7

Github Security Blog
added 2022/05/17 5:45 a.m., 34 views

Cobbler is vulnerable to code injection

templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...

CVSS 8.5 | AI score 5.6 | EPSS 0.03327
Exploits 0 | References 7 | Affected software 1

CNVD
added 2022/05/16 12:0 a.m., 30 views

automad cross-site scripting vulnerability

automad is a flat file content management system and template engine. automad version 1.10.9 and prior versions contain a cross-site scripting vulnerability that can be exploited by attackers to cause cross-site scripting attacks...

CVSS 3.5 | AI score 3.4 | EPSS 0.00636
Exploits 0 | Affected software 1

OSV
added 2022/05/14 2:3 a.m., 17 views

GHSA-4CVM-5776-JX9F Ansible Arbitrary Code Execution

User module in ansible before 1.6.6 is vulnerable to command execution. Ansible can get the result of remote command in variable, which may come from untrusted source of input. If the content of variable isn't properly filtered and when attempting to use the variable, it will trigger a function...

CVSS 8.8 | AI score 8.8 | EPSS 0.02498
Exploits 0 | References 5

Github Security Blog
added 2022/05/14 2:3 a.m., 25 views

Ansible Arbitrary Code Execution

User module in ansible before 1.6.6 is vulnerable to command execution. Ansible can get the result of remote command in variable, which may come from untrusted source of input. If the content of variable isn't properly filtered and when attempting to use the variable, it will trigger a function...

CVSS 8.8 | AI score 7.6 | EPSS 0.02498
Exploits 0 | References 5 | Affected software 1

Tenable Nessus
added 2022/05/06 12:0 a.m., 30 views

Debian DLA-2995-1 : smarty3 - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2995 advisory. Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a...

CVSS 8.8 | AI score 7 | EPSS 0.0222
Exploits 0 | References 8

Debian
added 2022/05/05 8:7 p.m., 38 views

[SECURITY] [DLA 2995-1] smarty3 security update

Debian LTS Advisory DLA-2995-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany May 05, 2022 https://wiki.debian.org/LTS Package : smarty3 Version : 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u5 CVE ID : CVE-2021-21408 CVE-2021-29454 Debian Bug : 1010375 Smarty3, a...

CVSS 8.8 | AI score 6.8 | EPSS 0.0222
Exploits 0

OSV
added 2022/04/27 9:5 p.m., 20 views

GHSA-FV3M-XHQW-9M79 ballcat-codegen template engine remote code execution injection

Impact Ballcat Codegen provides the function of online editing code to generate templates. In version 1.0.0.beta.2, since Velocity and freemarker templates are introduced but input verification is not done, attackers can implement remote code execution through malicious code injection of the...

CVSS 8.8 | AI score 9.6 | EPSS 0.02909
Exploits 1 | References 5

Github Security Blog
added 2022/04/27 9:5 p.m., 25 views

ballcat-codegen template engine remote code execution injection

Impact Ballcat Codegen provides the function of online editing code to generate templates. In version 1.0.0.beta.2, since Velocity and freemarker templates are introduced but input verification is not done, attackers can implement remote code execution through malicious code injection of the...

CVSS 9.8 | AI score 6.1 | EPSS 0.02909
Exploits 1 | References 5 | Affected software 1

NVD
added 2022/04/26 4:15 p.m., 15 views

CVE-2022-24881

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...

CVSS 9.8 | EPSS 0.02909
Exploits 1 | References 3

Prion
added 2022/04/26 4:15 p.m., 15 views

Code injection

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...

CVSS 7.5 | AI score 9.8 | EPSS 0.02909
Exploits 1 | References 3 | Affected software 1

Vulnrichment
added 2022/04/26 4:6 p.m., 6 views

CVE-2022-24881 Command Injection in Ballcat Codegen

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...

CVSS 8.8 | AI score 9.9 | EPSS 0.02909
Exploits 1 | References 3

CNVD
added 2022/04/08 12:0 a.m., 15 views

edge.js cross-site scripting vulnerability

edge.js is a Node.js template engine. edge.js versions prior to 5.3.2 have a cross-site scripting vulnerability that stems from a type obfuscation vulnerability that can be exploited to bypass input cleanup when the input to be rendered is an array, even if is used, and can be used by attacker...

CVSS 6.1 | AI score 2.6 | EPSS 0.00877
Exploits 1 | References 1