Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smarty vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2011-1028
The $smarty.template variable in Smarty3 allows malicious users to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
Smarty Smarty
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv2
CVE-2017-1000480
Smarty 3 prior to 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
Smarty Smarty
7.5
CVSSv2
CVE-2017-1000453
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Cmsmadesimple Cms Made Simple
7.5
CVSSv2
CVE-2014-9178
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and previous versions for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) vendor...
Smartypantsplugins Sp Project \\& Document Manager
1 EDB exploit
7.5
CVSSv2
CVE-2014-8350
Smarty prior to 3.1.21 allows remote malicious users to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
Smarty Smarty 3.1.16
Smarty Smarty 3.1.15
Smarty Smarty 3.1.6
Smarty Smarty 3.1.5
Smarty Smarty 3.1.19
Smarty Smarty 3.1.18
Smarty Smarty 3.1.17
Smarty Smarty 3.1.8
Smarty Smarty 3.1.7
Smarty Smarty 3.1.10
Smarty Smarty 3.1.1
Smarty Smarty 3.0.2
Smarty Smarty 3.0.1
Smarty Smarty 3.0.0
Smarty Smarty 2.6.4
Smarty Smarty 2.6.3
Smarty Smarty 2.6.17
Smarty Smarty 2.6.16
Smarty Smarty 2.6.1
Smarty Smarty 2.6.0
Smarty Smarty 2.4.2
Smarty Smarty 2.4.1
7.5
CVSSv2
CVE-2011-5061
functions.php in WHMCompleteSolution (WHMCS) 4.0.x up to and including 5.0.x allows remote malicious users to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.
Whmcs Whmcompletesolution 4.3.1
Whmcs Whmcompletesolution 4.1.2
Whmcs Whmcompletesolution 4.2.0
Whmcs Whmcompletesolution 4.2.1
Whmcs Whmcompletesolution 5.0.3
Whmcs Whmcompletesolution 5.0.2
Whmcs Whmcompletesolution 5.0.1
Whmcs Whmcompletesolution 5.0.0
Whmcs Whmcompletesolution 4.3.0
Whmcs Whmcompletesolution 4.0.2
Whmcs Whmcompletesolution 4.4.2
Whmcs Whmcompletesolution 4.4.0
Whmcs Whmcompletesolution 4.1.1
Whmcs Whmcompletesolution 4.0.0
Whmcs Whmcompletesolution 4.5.2
Whmcs Whmcompletesolution 4.5.1
Whmcs Whmcompletesolution 4.0.1
Whmcs Whmcompletesolution 4.1.0
Whmcs Whmcompletesolution 4.5.0
Whmcs Whmcompletesolution 4.4.1
7.5
CVSSv2
CVE-2009-5053
Unspecified vulnerability in Smarty prior to 3.0.0 beta 6 allows remote malicious users to execute arbitrary PHP code by injecting this code into a cache file.
Smarty Smarty 2.6.7
Smarty Smarty 2.6.9
Smarty Smarty 2.6.3
Smarty Smarty 2.6.4
Smarty Smarty 2.6.0
Smarty Smarty 2.0.0
Smarty Smarty 2.6.10
Smarty Smarty 2.6.2
Smarty Smarty 2.6.5
Smarty Smarty 2.6.15
Smarty Smarty 2.6.11
Smarty Smarty 1.4.6
Smarty Smarty 1.5.1
Smarty Smarty 2.5.0
Smarty Smarty 2.3.0
Smarty Smarty 2.4.0
Smarty Smarty 1.4.3
Smarty Smarty 1.4.5
Smarty Smarty 1.3.1
Smarty Smarty 1.0b
Smarty Smarty 2.6.25
Smarty Smarty 3.0.0
7.5
CVSSv2
CVE-2009-5054
Smarty prior to 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow malicious users to bypass intended access restrictions via standard filesystem operations.
Smarty Smarty 2.6.2
Smarty Smarty 2.6.9
Smarty Smarty 2.6.13
Smarty Smarty 2.6.0
Smarty Smarty 2.0.1
Smarty Smarty 1.5.1
Smarty Smarty 2.4.1
Smarty Smarty 2.4.0
Smarty Smarty 1.0
Smarty Smarty 1.4.0
Smarty Smarty 1.4.1
Smarty Smarty 1.0b
Smarty Smarty 1.2.0
Smarty Smarty 2.6.22
Smarty Smarty 2.6.1
Smarty Smarty 2.6.10
Smarty Smarty 2.6.17
Smarty Smarty 2.5.0
Smarty Smarty 2.6.20
Smarty Smarty 2.6.11
Smarty Smarty 2.2.0
Smarty Smarty 2.3.0
7.5
CVSSv2
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
7.5
CVSSv2
CVE-2008-7034
PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote malicious users to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.
Tigran Abrahamyan Phpecho Cms 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »