Описание
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| smarty | removed | package | ||
| smarty3 | fixed | 3.1.31+20161214.1.c7d42e4+selfpack1-3 | package |
Примечания
https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 8 лет назад
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
CVSS3: 9.8
nvd
около 8 лет назад
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
