exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2021-29454

около 4 лет назад

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.

CVSS3: 8.1

EPSS: Низкий

CVE-2021-29454

около 4 лет назад

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.

CVSS3: 8.1

EPSS: Низкий

CVE-2021-29454

около 4 лет назад

Smarty is a template engine for PHP, facilitating the separation of pr ...

CVSS3: 8.1

EPSS: Низкий

GHSA-29gp-2c3m-3j6m

около 4 лет назад

Sandbox Escape by math function in smarty

CVSS3: 8.1

EPSS: Низкий

BDU:2022-02129

почти 5 лет назад

Уязвимость обработчика шаблонов для PHP Smarty, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный PHP-код

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-29454 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.	CVSS3: 8.1	1% Низкий	около 4 лет назад
CVE-2021-29454 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.	CVSS3: 8.1	1% Низкий	около 4 лет назад
CVE-2021-29454 Smarty is a template engine for PHP, facilitating the separation of pr ...	CVSS3: 8.1	1% Низкий	около 4 лет назад
GHSA-29gp-2c3m-3j6m Sandbox Escape by math function in smarty	CVSS3: 8.1	1% Низкий	около 4 лет назад
BDU:2022-02129 Уязвимость обработчика шаблонов для PHP Smarty, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный PHP-код	CVSS3: 8.8	1% Низкий	почти 5 лет назад

Уязвимостей на страницу