DSA-5151-1 smarty3 -- smarty3ID: oval:org.secpod.oval:def:88359 | Date: (C)2023-03-28 (M)2023-11-13 |
Class: PATCH | Family: unix |
Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP code as well.
Platform: |
Linux Mint 4 |
Linux Mint 5 |