Vulnerabilities > Smarty > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-22 | CVE-2021-26120 | Code Injection vulnerability in multiple products Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | 9.8 |
| 2019-11-20 | CVE-2011-1028 | Improper Input Validation vulnerability in multiple products The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | 9.8 |
| 2018-01-03 | CVE-2017-1000480 | Code Injection vulnerability in Smarty Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | 9.8 |