
790 matches found

Prion
added 2022/01/21 6:15 p.m., 11 views

Input validation

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...

CVSS 6.5 | AI score 8.5 | EPSS 0.00691
Exploits 1 | References 2 | Affected Software 1

OSV
added 2022/01/21 6:15 p.m., 4 views

UBUNTU-CVE-2022-0323

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...

CVSS 8.8 | AI score 6.4 | EPSS 0.00691
Exploits 1 | References 4

CVE
added 2022/01/21 6:00 p.m., 109 views

CVE-2022-0323

CVE-2022-0323 refers to an issue in the Packagist mustache/mustache template engine: improper neutralization of special elements in templates prior to version 2.14.1. Multiple connected sources reiterate this vulnerability affecting the mustache library used in various apps (e.g., Moodle references)...

CVSS 8.8 | AI score 6.5 | EPSS 0.00691
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/01/21 6:00 p.m., 40 views

CVE-2022-0323 Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...

CVSS 5.3 | AI score 8.8 | EPSS 0.00691
Exploits 1 | References 2

OSV
added 2022/01/21 6:00 p.m., 20 views

CVE-2022-0323 Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php

Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...

CVSS 5.3 | AI score 5.7 | EPSS 0.00691
Exploits 1 | References 4

CNNVD
added 2022/01/21 12:00 a.m., 4 views

mustache.php code injection vulnerability

mustache.php is an implementation of Mustache in PHP. A security vulnerability exists in mustache.php prior to version 2.14.1, which stems from the software's lack of effective filtering and escaping of special elements used in the template engine...

CVSS 8.8 | AI score 6.3 | EPSS 0.00691
Exploits 1 | References 4

OSV
added 2022/01/10 8:15 p.m., 1 view

DEBIAN-CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

CVSS 8.8 | AI score 7.2 | EPSS 0.01927
Exploits 0 | References 1

NVD
added 2022/01/10 8:15 p.m., 24 views

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

CVSS 8.8 | EPSS 0.01927
Exploits 0 | References 11

NVD
added 2022/01/10 8:15 p.m., 22 views

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 | EPSS 0.0222
Exploits 0 | References 9

OSV
added 2022/01/10 8:15 p.m., 3 views

DEBIAN-CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 | AI score 6.8 | EPSS 0.0222
Exploits 0 | References 1

OSV
added 2022/01/10 8:15 p.m., 26 views

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 | AI score 6.6
Exploits 0 | References 9

UbuntuCve
added 2022/01/10 8:15 p.m., 27 views

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 | AI score 6.6 | EPSS 0.0222
Exploits 0 | References 8

UbuntuCve
added 2022/01/10 8:15 p.m., 47 views

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

CVSS 8.8 | AI score 6.7 | EPSS 0.01927
Exploits 0 | References 10

Prion
added 2022/01/10 8:15 p.m., 27 views

Design/Logic Flaw

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

CVSS 6.5 | AI score 8.6 | EPSS 0.01927
Exploits 0 | References 11 | Affected Software 3

Prion
added 2022/01/10 8:15 p.m., 22 views

Design/Logic Flaw

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 6.5 | AI score 8.4 | EPSS 0.0222
Exploits 0 | References 9 | Affected Software 3

OSV
added 2022/01/10 8:15 p.m., 2 views

UBUNTU-CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

CVSS 8.8 | AI score 6.8 | EPSS 0.01927
Exploits 0 | References 11

OSV
added 2022/01/10 8:15 p.m., 3 views

UBUNTU-CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 | AI score 6.6 | EPSS 0.0222
Exploits 0 | References 9

Cvelist
added 2022/01/10 12:00 a.m., 30 views

CVE-2021-21408 Access to restricted PHP code by dynamic static class access in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

CVSS 8.8 | AI score 9.3 | EPSS 0.0222
Exploits 0 | References 9

CNNVD
added 2022/01/10 12:00 a.m., 7 views

Smarty injection vulnerability

Smarty is a template engine for PHP that helps to separate the presentation HTML/CSS from the application logic. Smarty suffers from a security vulnerability that stems from the fact that prior to versions 3.1.42 and 4.0.2, a template author can run arbitrary PHP code by constructing ...

CVSS 8.8 | AI score 6.8 | EPSS 0.01927
Exploits 0 | References 17

CVE
added 2022/01/10 12:00 a.m., 137 views

CVE-2021-29454

Smarty (PHP templating engine) prior to versions 3.1.42 and 4.0.2 is vulnerable to arbitrary PHP code execution via the math function when a malicious math string is supplied by user data. Root cause: the math function can evaluate crafted strings, enabling remote code execution. Affected product...

CVSS 8.8 | AI score 8.4 | EPSS 0.01927
Exploits 0 | References 11 | Affected Software 1