DSA-5151-1 smarty3 -- smarty3ID: oval:org.secpod.oval:def:607812 | Date: (C)2022-06-02 (M)2023-02-13 |
Class: PATCH | Family: unix |
Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP code as well.
Platform: |
Debian 10.x |
Debian 11.x |