Critical severityNVD Advisory· Published Nov 20, 2019· Updated Aug 6, 2024
CVE-2011-1028
CVE-2011-1028
Description
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
smarty/smartyPackagist | < 3.0.7 | 3.0.7 |
Affected products
2- smarty3/smarty3v5Range: 3
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/advisories/GHSA-6frx-2r5w-c524ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-1028ghsaADVISORY
- access.redhat.com/security/cve/cve-2011-1028mitrex_refsource_MISC
- github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cbghsaWEB
- seclists.org/oss-sec/2011/q1/313ghsax_refsource_MISCWEB
- security-tracker.debian.org/tracker/CVE-2011-1028ghsax_refsource_MISCWEB
- web.archive.org/web/20110609032516/http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txtghsaWEB
- www.smarty.net/forums/viewtopic.phpghsaWEB
News mentions
0No linked articles in our index yet.