
CVE-2024-35226

PHP Code Injection by malicious attribute in extends-tag in Smarty

Severity Score: 7.3 (CVSS v3.1)
Exploit Likelihood: not listed (EPSS)
Affected Versions: see "Affected Vendors, Products, and Versions" below (CPE)
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: Track* (SSVC)

Description

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions a template author could inject PHP code by choosing a malicious file name for an {extends} tag: Smarty compiles templates to PHP, and the file name ended up in that generated source, so a crafted value runs with the privileges of the web application (CWE-94). The exposure is therefore greatest where templates are written by people the site does not fully trust, for example users who can edit themes or layouts; such sites should update as soon as possible, and all users are advised to update. The fix shipped in Smarty 4.5.3 and 5.1.1. There is no patch on the v3 branch, so 3.x users must upgrade to 4.5.3 or later. There are no known workarounds for this vulnerability.

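The following is an added illustration of the bug class this advisory describes (code injection through a template-controlled file name reaching generated PHP). It is a toy template compiler written for this page, not Smarty's compiler and not the actual 4.5.3/5.1.1 patch: the parser, the shape of the generated code (`$_tpl->inheritance->endChild(...)`), the allow-list rule and the sample templates are all assumptions of the example. Neither compiler executes anything; each only returns the PHP source it would have written to the compiled-template cache, so the two outputs can be compared safely.

```php
<?php
declare(strict_types=1);

// Toy illustration of CWE-94 in a template compiler (written for this page).
// NOT Smarty's code and NOT the CVE-2024-35226 fix: function names, generated
// code shape and the allow-list policy are assumptions of the example.
// Nothing is eval()ed; both "compilers" just return the PHP they would emit.

/** Pull the file attribute out of an {extends file="..."} tag (toy parser). */
function parseExtendsFile(string $tag): ?string
{
    // Deliberately lax, like many attribute parsers: the value runs to the
    // matching quote, so a double-quoted value may legally contain single
    // quotes. That is what lets a hostile value reach the compiler below.
    return preg_match('/\{extends\s+file=(["\'])(.*?)\1\s*\}/s', $tag, $m) ? $m[2] : null;
}

/** VULNERABLE: splices the raw attribute value into a PHP string literal. */
function compileExtendsVulnerable(string $file): string
{
    // A single quote inside $file terminates the literal; everything after it
    // becomes PHP statements in the compiled template.
    return "<?php\n"
        . "\$_tpl->loadInheritance();\n"
        . "\$_tpl->inheritance->endChild(\$_tpl, '" . $file . "');\n";
}

/** HARDENED: validate the name first, then emit it as a proper PHP literal. */
function compileExtendsHardened(string $file): string
{
    // Allow-list policy (example only): '/'-separated segments of
    // [A-Za-z0-9_.-], no empty, '.' or '..' segments, must end in .tpl.
    foreach (explode('/', $file) as $seg) {
        if ($seg === '' || $seg === '.' || $seg === '..' || !preg_match('/^[A-Za-z0-9_.-]+$/', $seg)) {
            throw new InvalidArgumentException(
                '{extends}: invalid template file name ' . var_export($file, true)
            );
        }
    }
    if (substr($file, -4) !== '.tpl') {
        throw new InvalidArgumentException('{extends}: template name must end in .tpl');
    }
    // var_export() always yields one quoted literal with quotes and backslashes
    // escaped, so even a name that slipped past the allow-list could not close
    // the string. Defence in depth on top of the validation above.
    return "<?php\n"
        . "\$_tpl->loadInheritance();\n"
        . "\$_tpl->inheritance->endChild(\$_tpl, " . var_export($file, true) . ");\n";
}

// Constructed sample templates: one benign, one with a hostile file attribute
// whose single quote and trailing '#' comment break out of the literal.
$templates = [
    'benign'  => '{extends file="layouts/base.tpl"}',
    'hostile' => "{extends file=\"x.tpl');error_log('injected');#\"}",
];

foreach ($templates as $label => $tpl) {
    $file = parseExtendsFile($tpl);
    if ($file === null) {
        echo "== $label: no {extends} tag found\n";
        continue;
    }
    echo "== $label: file attribute = ", var_export($file, true), "\n";
    echo "-- vulnerable compiler emits:\n", compileExtendsVulnerable($file);
    try {
        echo "-- hardened compiler emits:\n", compileExtendsHardened($file);
    } catch (InvalidArgumentException $e) {
        echo "-- hardened compiler rejects: ", $e->getMessage(), "\n";
    }
}
```

Run it with `php extends_demo.php` (PHP 7.4 or later). For the hostile template the vulnerable output contains a second statement, `error_log('injected');`, sitting outside the string literal, which is exactly the shape of compiled template a real engine would then include and execute; the hardened compiler refuses the name before any code is generated, and for the benign name emits the same call with a `var_export`-quoted literal.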

*Credits: N/A
CVSS Scores
CVSS v3.1 base score 7.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: Track*
  • Exploitation: None
  • Automatable: No
  • Technical Impact: Total
* Organization's worst-case scenario
Timeline
  • 2024-05-14 CVE Reserved
  • 2024-05-28 CVE Published
  • 2024-05-29 EPSS Updated
  • 2024-09-03 CVE Updated
  • Exploited in Wild, KEV Due Date, First Exploit: none recorded
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
  • none listed
Affected Vendors, Products, and Versions

Vendor      Product  Version             Status
Smarty-php  Smarty   >= 5.0.0 < 5.1.1    Affected
Smarty-php  Smarty   >= 3.0.0 < 4.5.3    Affected