Filtered by vendor Smarty
Subscriptions
Total
31 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4727 | 1 Smarty | 1 Smarty | 2025-04-11 | N/A |
| Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors. | ||||
| CVE-2012-4277 | 1 Smarty | 1 Smarty | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-5054 | 1 Smarty | 1 Smarty | 2025-04-11 | N/A |
| Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations. | ||||
| CVE-2010-4725 | 1 Smarty | 1 Smarty | 2025-04-11 | N/A |
| Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors. | ||||
| CVE-2023-41661 | 1 Smarty | 1 Smarty | 2024-11-21 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. | ||||
| CVE-2021-26120 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 9.8 Critical |
| Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring. | ||||
| CVE-2021-26119 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 7.5 High |
| Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | ||||
| CVE-2018-16831 | 1 Smarty | 1 Smarty | 2024-11-21 | N/A |
| Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. | ||||
| CVE-2018-13982 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 7.5 High |
| Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. | ||||
| CVE-2017-1000480 | 1 Smarty | 1 Smarty | 2024-11-21 | N/A |
| Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | ||||
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 9.8 Critical |
| The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | ||||