Smarty prior to 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smarty smarty |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |