790 matches found
Input validation
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...
UBUNTU-CVE-2022-0323
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...
CVE-2022-0323
CVE-2022-0323 refers to an issue in the Packagist mustache/mustache template engine: improper neutralization of special elements in templates prior to version 2.14.1. Multiple connected sources reiter this vulnerability affecting the mustache library used in various apps (e.g., Moodle references)...
CVE-2022-0323 Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...
CVE-2022-0323 Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1...
mustache.php 代码注入漏洞
mustache.php is an implementation of Mustache in PHP. A security vulnerability exists in mustache.php prior to version 2.14.1, which stems from the software's lack of effective filtering and escaping of special elements used in the template engine...
DEBIAN-CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
DEBIAN-CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
Design/Logic Flaw
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
Design/Logic Flaw
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
UBUNTU-CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...
UBUNTU-CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
CVE-2021-21408 Access to restricted PHP code by dynamic static class access in smarty
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...
Smarty 注入漏洞
Smarty is Smarty is a template engine for PHP that helps to separate the representation HTML/CSS from the application logic. Smarty suffers from a security vulnerability that stems from the fact that prior to versions 3.1.42 and 4.0.2, a template author can run arbitrary PHP code by constructing ...
CVE-2021-29454
Smarty (PHP templating engine) prior to versions 3.1.42 and 4.0.2 is vulnerable to arbitrary PHP code execution via the math function when a malicious math string is supplied by user data. Root cause: the math function can evaluate crafted strings, enabling remote code execution. Affected product...