Smarty

smarty

31 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (31)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-4722 1Smarty 1Smarty Apr 29, 2026 Feb 3, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors.
CVE-2009-5054 1Smarty 1Smarty Apr 29, 2026 Feb 3, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.
CVE-2009-5053 1Smarty 1Smarty Apr 29, 2026 Feb 3, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.
CVE-2009-5052 1Smarty 1Smarty Apr 29, 2026 Feb 3, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.
CVE-2009-1669 1Smarty 1Smarty Apr 23, 2026 May 18, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math functio...Show more The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.Show less
CVE-2008-4811 1Smarty 1Smarty Apr 23, 2026 Oct 31, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a do...Show more The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.Show less
CVE-2008-4810 1Smarty 1Smarty Apr 23, 2026 Oct 31, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka...Show more The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.Show less
CVE-2008-1066 1Smarty 1Smarty Apr 23, 2026 Feb 28, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search stri...Show more The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.Show less
CVE-2006-7193 1Smarty 1Smarty Apr 23, 2026 Apr 12, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a...Show more PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constantShow less
CVE-2006-7105 1Smarty 1Smarty Apr 23, 2026 Mar 3, 2007 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is u...Show more PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrectShow less
CVE-2005-0913 1Smarty 1Smarty Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code.