CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35226 – PHP Code Injection by malicious attribute in extends-tag in Smarty
https://notcve.org/view.php?id=CVE-2024-35226
28 May 2024 — Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. • https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41661 – WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-41661
01 Sep 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en PressPage Entertainment Inc. Smarty para el complemento WordPress en versiones <= 3.1.35. • https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1CVE-2023-28447 – Cross site scripting vulnerability in Javascript escaping in smarty/smarty
https://notcve.org/view.php?id=CVE-2023-28447
28 Mar 2023 — Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. • https://github.com/drkbcn/lblfixer_cve_2023_28447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-25047 – Ubuntu Security Notice USN-7158-1
https://notcve.org/view.php?id=CVE-2018-25047
14 Sep 2022 — In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. En Smarty versiones anteriores a 3.1.47 y 4.x anteriores a 4.2.1, el archivo libs/plugins/function.mailto.php permite un ataque de tipo XSS. Una página web que usa smarty_function_mailto, y que pueda ser parametrizada usando parámetros de entrada GET o POS... • https://bugs.gentoo.org/870100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-29221 – PHP Code Injection by malicious block or filename in Smarty
https://notcve.org/view.php?id=CVE-2022-29221
24 May 2022 — Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. Smarty es un motor de plantillas para PHP, que facilita la separación de la presentación (HTM... • https://github.com/sbani/CVE-2022-29221-PoC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-21408 – Access to restricted PHP code by dynamic static class access in smarty
https://notcve.org/view.php?id=CVE-2021-21408
10 Jan 2022 — Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. Smarty es un motor de plantillas para PHP que facilita la separación de la presentación (HTML/CSS) de la lógica de la aplicación. Antes de las versiones 3.1.43 y 4.0.3, los autores de plantillas podían ejecutar métodos estáticos restr... • https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-29454 – Sandbox Escape by math function in smarty
https://notcve.org/view.php?id=CVE-2021-29454
10 Jan 2022 — Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. Smarty es un motor de plantillas para PHP que fa... • https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26120 – Debian Security Advisory 5151-1
https://notcve.org/view.php?id=CVE-2021-26120
22 Feb 2021 — Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. Smarty versiones anteriores a 3.1.39, permite una inyección de código por medio de un nombre de función no previsto después de una subcadena {function name= Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an ... • https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26119 – Debian Security Advisory 5151-1
https://notcve.org/view.php?id=CVE-2021-26119
22 Feb 2021 — Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. Smarty versiones anteriores a 3.1.39, permite un Escape del Sandbox porque un $smarty.template_object puede ser accedido en el modo sandbox Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} o... • https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1028
https://notcve.org/view.php?id=CVE-2011-1028
20 Nov 2019 — The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. La variable $smarty.template en Smarty3 permite a atacantes posiblemente ejecutar código PHP arbitrario por medio del archivo sysplugins/smarty_internal_compile_private_special_variable.php. • https://access.redhat.com/security/cve/cve-2011-1028 • CWE-20: Improper Input Validation •