Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smarty smarty vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31181
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and prior to 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP's Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are adv...
Prestashop Prestashop
2 Github repositories
755
VMScore
CVE-2014-9178
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and previous versions for WordPress allow remote malicious users to execute arbitrary SQL commands via the (1) vendor...
Smartypantsplugins Sp Project \\& Document Manager
1 EDB exploit
265
VMScore
CVE-2016-2784
CMS Made Simple 2.x prior to 2.1.3 and 1.x prior to 1.12.2, when Smarty Cache is activated, allow remote malicious users to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
Cmsmadesimple Cms Made Simple 2.1.1
Cmsmadesimple Cms Made Simple 2.1
Cmsmadesimple Cms Made Simple 1.11.11
Cmsmadesimple Cms Made Simple 1.11.10
Cmsmadesimple Cms Made Simple 1.11.3
Cmsmadesimple Cms Made Simple 1.11.2.1
Cmsmadesimple Cms Made Simple 1.10
Cmsmadesimple Cms Made Simple 1.9.4.3
Cmsmadesimple Cms Made Simple 1.9.4.2
Cmsmadesimple Cms Made Simple 1.6.10
Cmsmadesimple Cms Made Simple 1.6.9
Cmsmadesimple Cms Made Simple 1.6.7
Cmsmadesimple Cms Made Simple 1.6.6
Cmsmadesimple Cms Made Simple 1.5.3
Cmsmadesimple Cms Made Simple 1.5.2
Cmsmadesimple Cms Made Simple 1.2.5
Cmsmadesimple Cms Made Simple 1.2.4
Cmsmadesimple Cms Made Simple 1.1.2
Cmsmadesimple Cms Made Simple 1.1.1
Cmsmadesimple Cms Made Simple 1.0.2
Cmsmadesimple Cms Made Simple 1.0.1
Cmsmadesimple Cms Made Simple 1.12.1
1 EDB exploit
578
VMScore
CVE-2020-35625
An issue exists in the Widgets extension for MediaWiki up to and including 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smart...
Mediawiki Mediawiki
755
VMScore
CVE-2007-2326
Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro allow remote malicious users to execute arbitrary PHP code via a URL in the plugin_file parameter to (1) Smarty.class.php and (2) Smarty_Compiler.class.php in inc/libs/; (3) core.display_debug_console.php, (4)...
Goldcoders Hyip Manager Pro
1 EDB exploit
668
VMScore
CVE-2007-1987
Multiple PHP remote file inclusion vulnerabilities in PHPEcho CMS 2.0 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) _plugin_file parameter to smarty/internals/core.load_pulgins.php or the (2) root_path parameter to index.php. NOTE: CVE disputes (...
Phpecho Cms Phpecho Cms 2.0
312
VMScore
CVE-2004-1865
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other me...
Bblog Bblog 0.7.2
NA
CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors sho...
668
VMScore
CVE-2007-2021
Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_...
Pineapple Technologies Lore 1.0
755
VMScore
CVE-2008-2520
Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) syst...
Bigace Bigace 2.4
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »