Search CVE reports
11 – 20 of 31 results
CVE-2018-16831
Medium prioritySome fixes available 1 of 2
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
1 affected packages
smarty3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| smarty3 | — | Not affected | Not affected | Fixed | Not affected |
CVE-2017-1000480
Medium prioritySome fixes available 1 of 2
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
1 affected packages
smarty3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| smarty3 | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2014-8350
Medium prioritySmarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
4 affected packages
gallery2, moodle, smarty, smarty3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gallery2 | — | — | — | Not in release | Not in release |
| moodle | — | — | — | Not affected | Not affected |
| smarty | — | — | — | Not in release | Not in release |
| smarty3 | — | — | — | Not affected | Not affected |
CVE-2012-4437
Medium priorityCross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.
4 affected packages
gallery2, moodle, smarty, smarty3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gallery2 | — | — | — | — | Not in release |
| moodle | — | — | — | — | Not affected |
| smarty | — | — | — | — | Not in release |
| smarty3 | — | — | — | — | Not affected |
CVE-2012-4277
Medium priorityCross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script...
1 affected packages
smarty3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| smarty3 | — | — | — | — | Not affected |
CVE-2012-1066
Medium priorityCross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar.
3 affected packages
gallery2, moodle, smarty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gallery2 | — | — | — | — | Not in release |
| moodle | — | — | — | — | Not affected |
| smarty | — | — | — | — | Not in release |
CVE-2010-4727
Low prioritySmarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.
3 affected packages
gallery2, moodle, smarty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gallery2 | — | — | — | — | Not in release |
| moodle | — | — | — | — | Not affected |
| smarty | — | — | — | — | Not in release |
CVE-2010-4726
Low priorityUnspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.
3 affected packages
gallery2, moodle, smarty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gallery2 | — | — | — | — | Not in release |
| moodle | — | — | — | — | Not affected |
| smarty | — | — | — | — | Not in release |
CVE-2010-4725
Low prioritySmarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors.
3 affected packages
gallery2, moodle, smarty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gallery2 | — | — | — | — | Not in release |
| moodle | — | — | — | — | Not affected |
| smarty | — | — | — | — | Not in release |
CVE-2010-4724
Low priorityMultiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors.
3 affected packages
gallery2, moodle, smarty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gallery2 | — | — | — | — | Not in release |
| moodle | — | — | — | — | Not affected |
| smarty | — | — | — | — | Not in release |