oval:org.secpod.oval:def:603247
smarty3 is installed

oval:org.secpod.oval:def:607812
Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math strin ...

oval:org.secpod.oval:def:2001610
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

oval:org.secpod.oval:def:53234
It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

oval:org.secpod.oval:def:2001369
Smarty_Security::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

oval:org.secpod.oval:def:603245
It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.

oval:org.secpod.oval:def:603256
FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch. For reference, the relevant part of the original advisory text follows. It was discovered that Smarty, a PHP template engine, was vulnerable to ...

oval:org.secpod.oval:def:88359
Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math strin ...

oval:org.secpod.oval:def:80410
smarty3: The compiling PHP template engine Several security issues were fixed in Smarty.