Vulmon
smarty vulnerabilities and exploits
4.6
CVSSv2
CVE-2017-1000454
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read prior to 2.2, and local file inclusion since 2.2.1
Cmsmadesimple Cms Made Simple
4.3
CVSSv2
CVE-2014-8939
Lexiglot through 2014-11-20 allows remote malicious users to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.
Piwigo Lexiglot
NA
CVE-2023-43359
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local malicious user to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component.
Cmsmadesimple Cms Made Simple 2.2.18
5
CVSSv2
CVE-2007-3171
Uebimiau Webmail allows remote malicious users to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages.
Uebimiau Uebimiau 2.7.10
Uebimiau Uebimiau 2.7.2
Uebimiau Uebimiau 2.7.9
1 EDB exploit
7.5
CVSSv2
CVE-2011-5061
functions.php in WHMCompleteSolution (WHMCS) 4.0.x up to and including 5.0.x allows remote malicious users to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.
Whmcs Whmcompletesolution 4.3.1
Whmcs Whmcompletesolution 4.1.2
Whmcs Whmcompletesolution 4.2.0
Whmcs Whmcompletesolution 4.2.1
Whmcs Whmcompletesolution 5.0.3
Whmcs Whmcompletesolution 5.0.2
Whmcs Whmcompletesolution 5.0.1
Whmcs Whmcompletesolution 5.0.0
Whmcs Whmcompletesolution 4.3.0
Whmcs Whmcompletesolution 4.0.2
Whmcs Whmcompletesolution 4.4.2
Whmcs Whmcompletesolution 4.4.0
Whmcs Whmcompletesolution 4.1.1
Whmcs Whmcompletesolution 4.0.0
Whmcs Whmcompletesolution 4.5.2
Whmcs Whmcompletesolution 4.5.1
Whmcs Whmcompletesolution 4.0.1
Whmcs Whmcompletesolution 4.1.0
Whmcs Whmcompletesolution 4.5.0
Whmcs Whmcompletesolution 4.4.1
5
CVSSv2
CVE-2011-3782
phpLD 2-151.2.0 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libs/smarty/Smarty_Compiler.class.php and certain other files.
Phplinkdirectory Phpld 2-151.2.0
7.5
CVSSv2
CVE-2008-7034
PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote malicious users to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.
Tigran Abrahamyan Phpecho Cms 2.0
5
CVSSv2
CVE-2011-3758
::mound:: 2.1.6 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/smarty/libs/sysplugins/smarty_internal_template.php and certain other files.
Moundlabs ::mound::
6.8
CVSSv2
CVE-2010-2618
PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected.
Insanevisions Adapcms 2.0.0
Insanevisions Adapcms 2.0.1
2 EDB exploits
7.5
CVSSv2
CVE-2007-1855
Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote malicious users to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filena...
Webasyst Llc Shop-script