Описание
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| smarty3 | fixed | 3.1.21-1 | package | |
| smarty3 | end-of-life | squeeze | package | |
| smarty | not-affected | package |
Примечания
https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch
Связанные уязвимости
ubuntu
больше 11 лет назад
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
nvd
больше 11 лет назад
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
