Skip to main content

Smarty

10 CVEs product

Monthly

CVE-2023-41661 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Smarty
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28447 PHP MEDIUM PATCH This Month

Smarty is a template engine for PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Authentication Bypass Smarty Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-29221 PHP HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection Smarty Debian Linux +1
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-26120 PHP CRITICAL PATCH Act Now

{function name= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Smarty Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
82.3%
CVE-2021-26119 PHP HIGH PATCH This Week

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Smarty Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
9.4%
CVE-2018-13982 PHP HIGH POC PATCH This Week

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Smarty Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.5%
CVE-2018-16831 PHP MEDIUM POC PATCH This Month

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Smarty
NVD GitHub
CVSS 3.0
5.9
EPSS
2.7%
CVE-2014-8350 PHP HIGH POC PATCH This Week

{literal}<{/literal}script language=php>" in a template. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection Smarty
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2012-4437 PHP MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Smarty
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-4277 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Smarty
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Smarty
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Smarty is a template engine for PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Authentication Bypass Smarty +1
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

PHP RCE Code Injection +3
NVD GitHub
EPSS 82% CVSS 9.8
CRITICAL PATCH Act Now

{function name= substring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Code Injection Smarty +1
NVD GitHub
EPSS 9% CVSS 7.5
HIGH PATCH This Week

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Smarty Debian Linux
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Smarty Debian Linux
NVD GitHub
EPSS 3% CVSS 5.9
MEDIUM POC PATCH This Month

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Smarty
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

{literal}<{/literal}script language=php>" in a template. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Code Injection +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Smarty
NVD
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Smarty
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy