VYPR
High severity7.3OSV Advisory· Published May 28, 2024· Updated Jun 17, 2026

CVE-2024-35226

CVE-2024-35226

Description

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
smarty/smartyPackagist
>= 5.0.0, < 5.1.15.1.1
smarty/smartyPackagist
>= 3.0.0, < 4.5.34.5.3

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.