Описание
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | not-affected | uses system smarty |
| precise | not-affected | uses system smarty |
| precise/esm | DNE | precise was not-affected [uses system smarty] |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | uses system smarty |
| bionic | not-affected | uses system smarty |
| cosmic | not-affected | uses system smarty |
| devel | not-affected | uses system smarty |
| disco | not-affected | uses system smarty |
| esm-apps/bionic | not-affected | uses system smarty |
| esm-apps/xenial | not-affected | uses system smarty |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [uses system smarty]] |
| lucid | not-affected | uses system smarty |
| precise | not-affected | uses system smarty |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.1.21-1 |
| cosmic | not-affected | 3.1.21-1 |
| devel | not-affected | 3.1.21-1 |
| disco | not-affected | 3.1.21-1 |
| esm-apps/bionic | not-affected | 3.1.21-1 |
| esm-apps/xenial | not-affected | 3.1.21-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | DNE | |
| precise | ignored | end of life |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
Связанные уязвимости
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...
EPSS
7.5 High
CVSS2