Metazo
1 CVEs
product
Monthly
IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
RCE
Ssti
Metazo
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2025-46661
EPSS 1%
CVSS 10.0
CRITICAL
Act Now
IPW Systems Metazo through 8.1.3 allows unauthenticated Remote Code Execution because smartyValidator.php enables the attacker to provide template expressions, aka Server-Side Template-Injection. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
PHP
RCE
Ssti
+1
NVD