Smarty 3 prior to 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
Debian Bug report logs -
#886460
smarty3: CVE-2017-1000480
Package:
src:smarty3;
Maintainer for src:smarty3 is Mike Gabriel <sunweaver@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 6 Jan 2018 10:45:01 UTC
Severity: important
Tags: security, upstream
Found in version smarty3/3131+20 ...
It was discovered that Smarty, a PHP template engine, was vulnerable to
code-injection attacks An attacker was able to craft a filename in
comments that could lead to arbitrary code execution on the host running
Smarty
For the oldstable distribution (jessie), this problem has been fixed
in version 3121-1+deb8u1
For the stable distribution (str ...