Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smarty vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-7105
PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote malicious users to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probabl...
Smarty Smarty 2.6.9
7.5
CVSSv2
CVE-2005-0913
Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty prior to 2.6.8 allows malicious users to execute arbitrary PHP code.
Smarty Smarty 2.6.6
Smarty Smarty 2.6.4
Smarty Smarty 2.6.5
Smarty Smarty 2.6.2
Smarty Smarty 2.6.3
Smarty Smarty 2.6.7
7.1
CVSSv2
CVE-2018-16831
Smarty prior to 3.1.33-dev-4 allows malicious users to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
Smarty Smarty
6.8
CVSSv2
CVE-2010-2618
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
Insanevisions Adapcms 2.0.0
Insanevisions Adapcms 2.0.1
2 EDB exploits
6.5
CVSSv2
CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trus...
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
6.5
CVSSv2
CVE-2021-21408
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.5
CVSSv2
CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user p...
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository
6.5
CVSSv2
CVE-2020-35625
An issue exists in the Widgets extension for MediaWiki up to and including 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smart...
Mediawiki Mediawiki
6
CVSSv2
CVE-2008-3325
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x prior to 1.6.7 and 1.7.x prior to 1.7.5 allows remote malicious users to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
Moodle Moodle
Debian Debian Linux 4.0
5
CVSSv2
CVE-2021-26119
Smarty prior to 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.
Smarty Smarty
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »