CVE-2021-26120

Published: 22/02/2021 Updated: 14/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Smarty prior to 3.1.39 allows code injection via an unexpected function name after a {function name= substring.

Vulnerable Product

smarty smarty

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Several security issues were fixed in Smarty ...
Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the ...

Github Repositories

I recently worked through some CTF web challenges; these are brief notes on solving them.

CTF Note => Web Code leaks indexphpswp git indexphpbak wwwtargz robotstxt wwwzip HTTP Header Source It doesn't come from 'Sycsecretbuuojcn' Referer: wwwctfcn Browser Please use "Syclover" browser User-Agent: Syclover