4 matches found
Astroid Template Framework 代码问题漏洞
Astroid Template Framework is an open-source Joomla template development framework developed by Astroid. The Astroid Template Framework has code vulnerabilities, which stem from inadequate protection of the file management function. This could allow unverified users to upload dangerous data types...
[SECURITY] Fedora 20 Update: php-Smarty-3.1.21-1.fc20
Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stre...
Smarty3远程代码执行漏洞
Smarty是PHP下广泛使用的前端模板框架。但由于Smarty3引入了新的特性,导致在某些情况下,可以利用特性组合直接远程执行任意代码。 由于Smarty3中引入了两个特性: 1、如果display,fetch等方法的模板路径参数接受到的模板文件名是以“string:”或者“eval:”开头的,smarty3就会将此后的字符串值作为模板文件内容,重新编译并执行之。参考连接:http://www.smarty.net/docs/en/template.resources.tpltemplates.from.string...
[SECURITY] Fedora 9 Update: php-Smarty-2.6.20-2.fc9
Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stre...