CVE-2018-13982 – Ubuntu Security Notice USN-5348-1
https://notcve.org/view.php?id=CVE-2018-13982
18 Sep 2018 — Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. • https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-16831 – Ubuntu Security Notice USN-5348-1
https://notcve.org/view.php?id=CVE-2018-16831
11 Sep 2018 — Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this issue to read arbitrary files when c... • https://github.com/smarty-php/smarty/issues/486 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1000480 – Debian Security Advisory 4094-1
https://notcve.org/view.php?id=CVE-2017-1000480
03 Jan 2018 — Smarty 3 before 3.1.32 is vulnerable to PHP code injection when calling the fetch() or display() functions on custom resources that do not sanitize the template name. It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comm... • https://github.com/smarty-php/smarty/blob/master/change_log.txt • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-8350 – Mandriva Linux Security Advisory 2014-221
https://notcve.org/view.php?id=CVE-2014-8350
03 Nov 2014 — Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code, as demonstrated by "{literal}<{/literal}script language=php>" in a template. Although Mandriva forgot to include a problem description in this advisory, it appears that their late... • http://advisories.mageia.org/MGASA-2014-0468.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2012-4437 – Mandriva Linux Security Advisory 2014-221
https://notcve.org/view.php?id=CVE-2012-4437
01 Oct 2012 — Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception. • http://advisories.mageia.org/MGASA-2014-0468.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4277
https://notcve.org/view.php?id=CVE-2012-4277
13 Aug 2012 — Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://code.google.com/p/smarty-php/issues/detail?id=98&can=1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')