CVE-2022-29221

Published: 24/05/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject PHP code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.

Vulnerable Product

smarty smarty

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Debian Bug report logs - #1011757 smarty4: CVE-2022-29221 - template authors can inject php code by choosing malicious filenames. Package: src:smarty4; Maintainer for src:smarty4 is Mike Gabriel <sunweaver@debian.org>; Reported by: Neil Williams <codehelp@debian.org>; Date: Thu, 26 May 2022 12:33:01 UTC; Severity: impo ...

Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static php methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user provided data to the ...

Github Repositories

CVE-2022-29221 Proof of Concept Code - Smarty RCE

CVE-2022-29221-PoC: This is a very basic Smarty skeleton app with a single template that shows the Proof of Concept code for CVE-2022-29221. Injection Example Code: {block name="poc*/system('whoami');/*"}ABC{/block} See: github.com/sbani/CVE-2022-29221-PoC/blob/main/template/index.tpl After running the code, Sma