Vulnerabilities > Smarty > High

DATE CVE VULNERABILITY TITLE RISK
2022-05-24 CVE-2022-29221 Code Injection vulnerability in multiple products
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty debian fedoraproject CWE-94
8.8
8.8
2022-01-10 CVE-2021-21408 Improper Input Validation vulnerability in multiple products
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty debian fedoraproject CWE-20
8.8
8.8
2022-01-10 CVE-2021-29454 Injection vulnerability in multiple products
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.
network
low complexity
smarty debian fedoraproject CWE-74
8.8
8.8
2021-02-22 CVE-2021-26119 Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
network
low complexity
smarty debian
7.5
7.5
2019-11-20 CVE-2011-1028 Improper Input Validation vulnerability in multiple products
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
network
low complexity
smarty debian CWE-20
7.5
7.5
2018-09-11 CVE-2018-16831 Path Traversal vulnerability in Smarty
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
network
smarty CWE-22
7.1
7.1
2018-01-03 CVE-2017-1000480 Code Injection vulnerability in Smarty
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
network
low complexity
smarty CWE-94
7.5
7.5
2014-11-03 CVE-2014-8350 Code Injection vulnerability in Smarty
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
network
low complexity
smarty CWE-94
7.5
7.5
2011-02-03 CVE-2009-5054 Permissions, Privileges, and Access Controls vulnerability in Smarty
Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
network
low complexity
smarty CWE-264
7.5
7.5
2011-02-03 CVE-2009-5053 Remote Security vulnerability in Smarty
Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.
network
low complexity
smarty
7.5
7.5