smarty/smarty Security Advisories for v3.1.34 (8)
- [HIGH] Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
PKSA-5rsx-p2fk-h2gr CVE-2024-35226 GHSA-4rmg-292m-wg3w
Affected version: >=3.0.0,<4.5.3|>=5.0.0,<5.1.1
Reported by: GitHub
- [HIGH] Cross site scripting vulnerability in Javascript escaping
PKSA-2q9d-8kh9-49wx CVE-2023-28447 GHSA-7j98-h7fp-4vwj
Affected version: <3.1.48|>=4.0.0,<4.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] smarty_function_mailto - JavaScript injection in eval function
PKSA-pght-23ww-rrdy CVE-2018-25047 GHSA-hwq7-5vv9-c6cf
Affected version: <3.1.47|>=4.0.0,<4.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] PHP Code Injection by malicious block or filename
PKSA-6y8p-nrf4-ysf5 CVE-2022-29221 GHSA-634x-pc3q-cf4c
Affected version: <3.1.45|>=4.0.0,<4.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Access to restricted PHP code by dynamic static class access
PKSA-31hv-m6rg-8ryk CVE-2021-21408 GHSA-4h9c-v5vg-5m6m
Affected version: <3.1.43|>=4.0.0,<4.0.3
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Sandbox Escape by math function
PKSA-98zc-53yc-qt81 CVE-2021-29454 GHSA-29gp-2c3m-3j6m
Affected version: <3.1.42|>=4.0.0,<4.0.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- [CRITICAL] Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection
PKSA-t4kv-1sv2-1mzx CVE-2021-26120 GHSA-3rpf-5rqv-689q
Affected version: <=3.1.38
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] template_object Sandbox Escape PHP Code Injection
PKSA-wc9h-gs49-76tm CVE-2021-26119 GHSA-w5hr-jm4j-9jvq
Affected version: <=3.1.38
Reported by: GitHub, FriendsOfPHP/security-advisories