3.1.20

DATE	CVE	VULNERABILITY TITLE	RISK
2014-11-03	CVE-2014-8350	Code Injection vulnerability in Smarty Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template. network low complexity smarty CWE-94	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.