The displayBlock function in Template.php in Sensio Labs Twig prior to 1.20.0, when Sandbox mode is enabled, allows remote malicious users to execute arbitrary code via the _self variable in a template.
Vulnerable Product |
---|
symfony twig |