CVSS3: 7.3 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
AI Score: 6.6 Medium (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)
Smarty is a template engine for PHP, facilitating the separation of
presentation (HTML/CSS) from application logic. In affected versions,
template authors could inject PHP code by choosing a malicious file name
for an extends-tag. Sites that cannot fully trust template authors should
update as soon as possible. All users are advised to update. There is no
patch for users on the v3 branch. There are no known workarounds for this
vulnerability.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | smarty3 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | smarty3 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | smarty3 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | smarty3 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | smarty3 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | smarty3 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | smarty4 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | smarty4 | < any | UNKNOWN |
github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a (v5.2.0)
github.com/smarty-php/smarty/commit/76881c8d33d80648f70c9b0339f770f5f69a87a2 (v4.5.3)
github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w
launchpad.net/bugs/cve/CVE-2024-35226
nvd.nist.gov/vuln/detail/CVE-2024-35226
security-tracker.debian.org/tracker/CVE-2024-35226
www.cve.org/CVERecord?id=CVE-2024-35226