VYPR

Smarty

by Smarty

Source repositories

CVEs (27)

  • CVE-2009-5053Feb 3, 2011
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.

  • CVE-2009-5052Feb 3, 2011
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

  • CVE-2008-4811Oct 31, 2008
    risk 0.00cvss epss 0.02

    The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.

  • CVE-2008-4810Oct 31, 2008
    risk 0.00cvss epss 0.02

    The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted…

  • CVE-2008-1066Feb 28, 2008
    risk 0.00cvss epss 0.02

    The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

  • CVE-2006-7193Apr 12, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant

  • CVE-2005-0913May 2, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code.

Page 2 of 2