CVE-2017-1000480
Description
Smarty 3 before 3.1.32 allows PHP code injection in fetch() and display() functions via unsanitized template names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the Smarty template engine for PHP and affects Smarty 3 before 3.1.32. When fetch() or display() is called for a template served by a custom resource, the template name is not sanitized before Smarty compiles the template into PHP, so a crafted name can carry arbitrary PHP code into the generated code [1].
Exploitation
An attacker needs control over the template name passed to fetch() or display() for a custom resource, for example when an application builds the name from a request parameter. A specially crafted name injects PHP code that the engine then executes [1]. No authentication is required when the application lets user input reach that parameter.
Impact
Successful exploitation leads to arbitrary PHP code execution on the server. This can result in full compromise of the application and server, including data disclosure, modification, or destruction, and potential further lateral movement within the network [1].
Mitigation
The vulnerability is fixed in Smarty 3.1.32; users should upgrade to 3.1.32 or later [1][2]. Debian shipped fixes for its packaged versions through DSA-4094 and the LTS announcements listed under References. No workarounds are disclosed in the available references, so upgrading is the recommended mitigation. As a general precaution that does not replace the upgrade, applications should never pass unvalidated user input as a template name and should resolve user-facing page identifiers through a fixed allowlist before calling fetch() or display().
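The following is an added example, not code from the Smarty project or from the cited references. It shows the two checks a practitioner would put around fetch() and display() while tracking this CVE: failing closed when the installed engine is older than 3.1.32, and allowing only application-chosen names to reach a custom resource. The resource name `mem`, the in-memory `$templates` array, the `safeTemplateName()` helper and the name regex are all assumptions made for the example.

```php
<?php
// Added example (not Smarty project code).  Assumes Smarty is installed
// via Composer; the "mem" resource, $templates and the regex are assumptions.
require_once 'vendor/autoload.php';

// Constructed sample templates, keyed by the only names the app will serve.
$templates = [
    'home'    => 'Hello {$user|escape}',
    'profile' => 'Profile of {$user|escape}',
];

// Minimal custom resource: Smarty calls fetch() with the part after "mem:".
class MemResource extends Smarty_Resource_Custom
{
    private $store;

    public function __construct(array $store)
    {
        $this->store = $store;
    }

    protected function fetch($name, &$source, &$mtime)
    {
        if (!array_key_exists($name, $this->store)) {
            $source = null;   // unknown template: Smarty reports it as unreadable
            $mtime  = null;
            return;
        }
        $source = $this->store[$name];
        $mtime  = 0;
    }
}

// Allow only short, alphanumeric names that the application itself defined.
// Defence in depth only: it does not replace upgrading to >= 3.1.32.
function safeTemplateName(string $userInput, array $store): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $userInput)
        || !array_key_exists($userInput, $store)) {
        throw new InvalidArgumentException('unknown template');
    }
    return $userInput;
}

// Fail closed on an affected engine.  Older 3.1.x releases prefix the
// constant with "Smarty-", so strip that before comparing.
$version = preg_replace('/^Smarty-/', '', Smarty::SMARTY_VERSION);
if (version_compare($version, '3.1.32', '<')) {
    throw new RuntimeException(
        "Smarty $version is affected by CVE-2017-1000480; upgrade to 3.1.32 or later"
    );
}

$compileDir = sys_get_temp_dir() . '/smarty_compile';
if (!is_dir($compileDir)) {
    mkdir($compileDir, 0700, true);
}

$smarty = new Smarty();
$smarty->setCompileDir($compileDir);
$smarty->registerResource('mem', new MemResource($templates));
$smarty->assign('user', 'alice');

// Attacker-controlled input never reaches fetch() unvalidated.
$requested = $_GET['page'] ?? 'home';
echo $smarty->fetch('mem:' . safeTemplateName($requested, $templates));
```

The allowlist is deliberately a lookup against the application's own template table rather than a blocklist of characters: the page does not spell out which byte sequences trigger the injection, and an allowlist stays correct regardless of that detail.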
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| smarty/smarty (Packagist) | >= 3, < 3.1.32 | 3.1.32 |
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-9m49-vhwv-422g (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2017-1000480 (NVD advisory)
- www.debian.org/security/2018/dsa-4094 (Debian vendor advisory)
- github.com/smarty-php/smarty/blob/master/change_log.txt (Smarty change log)
- lists.debian.org/debian-lts-announce/2018/01/msg00023.html (Debian LTS mailing list)
- lists.debian.org/debian-lts-announce/2018/02/msg00000.html (Debian LTS mailing list)
News mentions: 0
No linked articles in our index yet.