0.004 Low
EPSS
Percentile
73.8%
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
launchpad.net/bugs/cve/CVE-2017-1000480
nvd.nist.gov/vuln/detail/CVE-2017-1000480
security-tracker.debian.org/tracker/CVE-2017-1000480
www.cve.org/CVERecord?id=CVE-2017-1000480