Smarty

Smarty

31 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2010-4722

  • EPSS 0.44%
  • Published 03.02.2011 17:00:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors.

7.5

CVE-2009-5054

  • EPSS 0.08%
  • Published 03.02.2011 17:00:01
  • Last modified 11.04.2025 00:51:21

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

7.5

CVE-2009-5053

  • EPSS 0.62%
  • Published 03.02.2011 17:00:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.

10

CVE-2009-5052

  • EPSS 0.58%
  • Published 03.02.2011 17:00:01
  • Last modified 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

10

CVE-2009-1669

Exploit
  • EPSS 19.48%
  • Published 18.05.2009 18:30:00
  • Last modified 09.04.2025 00:30:58

The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these detail...

7.5

CVE-2008-4811

  • EPSS 1%
  • Published 31.10.2008 18:09:08
  • Last modified 09.04.2025 00:30:58

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

7.5

CVE-2008-4810

  • EPSS 1.41%
  • Published 31.10.2008 18:09:08
  • Last modified 09.04.2025 00:30:58

The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" ...

7.5

CVE-2008-1066

  • EPSS 1.18%
  • Published 28.02.2008 20:44:00
  • Last modified 09.04.2025 00:30:58

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

7.5

CVE-2006-7193

Exploit
  • EPSS 0.8%
  • Published 12.04.2007 19:19:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR...

7.5

CVE-2006-7105

Exploit
  • EPSS 0.89%
  • Published 03.03.2007 21:19:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, ...