Vulnerabilities > Smarty
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-02-03 | CVE-2010-4722 | Unspecified vulnerability in Smarty Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors. | 10.0 |
| 2011-02-03 | CVE-2009-5054 | Permissions, Privileges, and Access Controls vulnerability in Smarty Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations. | 7.5 |
| 2011-02-03 | CVE-2009-5053 | Remote Security vulnerability in Smarty Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file. | 7.5 |
| 2011-02-03 | CVE-2009-5052 | Remote Security vulnerability in Smarty Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors. | 10.0 |
| 2009-05-18 | CVE-2009-1669 | Improper Input Validation vulnerability in Smarty 2.6.22 The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. | 10.0 |
| 2008-10-31 | CVE-2008-4811 | Permissions, Privileges, and Access Controls vulnerability in Smarty The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character. | 7.5 |
| 2008-10-31 | CVE-2008-4810 | Code Injection vulnerability in Smarty The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions. | 7.5 |
| 2008-02-28 | CVE-2008-1066 | Improper Input Validation vulnerability in Smarty The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string. | 7.5 |
| 2005-05-02 | CVE-2005-0913 | Remote PHP Script Execution vulnerability in Smarty Template Engine Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code. | 7.5 |