Описание
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 |
| devel | released | 3.1.39-2ubuntu1 |
| esm-apps/bionic | released | 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 |
| esm-apps/focal | released | 3.1.34+20190228.1.c9f0de05+selfpack1-1ubuntu0.1~esm1 |
| esm-apps/jammy | released | 3.1.39-2ubuntu1 |
| esm-apps/noble | released | 3.1.39-2ubuntu1 |
| esm-apps/xenial | released | 3.1.21-1ubuntu1+esm1 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| hirsute | ignored | end of life |
Показывать по
Ссылки на источники
6.5 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
Smarty is a template engine for PHP, facilitating the separation of pr ...
Уязвимость обработчика шаблонов для PHP Smarty, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный PHP-код
6.5 Medium
CVSS2
8.1 High
CVSS3