Vulmon
smarty vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.5
CVSSv2
CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trus...
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
6.5
CVSSv2
CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user p...
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
7.5
CVSSv2
CVE-2007-2608
PHP remote file inclusion vulnerability in lib/smarty/SmartyFU.class.php in Miplex2 Alpha 1 allows remote malicious users to execute arbitrary PHP code via a URL in the system[smarty][dir] parameter.
Miplex2 Miplex2 Alpha 1
1 EDB exploit
4.3
CVSSv2
CVE-2011-0451
Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty/templates/default/list.tpl and (2) data/Smarty/templates/default/campaign/bloc/cart_tag.tpl in EC-CUBE prior to 2.4.4 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors...
Lockon Ec-cube
Lockon Ec-cube 2.1.2
Lockon Ec-cube 1.4.5
Lockon Ec-cube 1.4.0
Lockon Ec-cube 1.3.3
Lockon Ec-cube 1.3.0
Lockon Ec-cube 1.1.0
Lockon Ec-cube 2.11.0
Lockon Ec-cube 2.3.0
Lockon Ec-cube 2.2.1
Lockon Ec-cube 2.2.0
Lockon Ec-cube 1.4.6
Lockon Ec-cube 1.3.4
Lockon Ec-cube 1.4.1
Lockon Ec-cube 1.2.0
Lockon Ec-cube 1.3.1
Lockon Ec-cube 2.4.4
Lockon Ec-cube 2.4.1
Lockon Ec-cube 2.4.2
Lockon Ec-cube 2.0.1
Lockon Ec-cube 2.0.0
Lockon Ec-cube 1.5.0
NA
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows malicious users to run arbitrary code via crafted smarty email template.
Gambio Gambio 4.9.2.0
7.5
CVSSv2
CVE-2017-1000453
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
Cmsmadesimple Cms Made Simple
4.3
CVSSv2
CVE-2017-9332
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
Pivotx Pivotx 2.3.11
7.5
CVSSv2
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
5
CVSSv2
CVE-2018-20566
An issue exists in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page.
Douco Douphp 1.5