[CRITICAL] Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection

PKSA-t4kv-1sv2-1mzx CVE-2021-26120 GHSA-3rpf-5rqv-689q

Affected package: smarty/smarty

Affected version: <=3.1.38

Reported by:
GitHub, FriendsOfPHP/security-advisories