Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.
References
Configurations
No configuration.
History
21 Nov 2024, 09:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a - | |
References | () https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w - |
29 May 2024, 13:02
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 May 2024, 21:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-28 21:16
Updated : 2024-11-21 09:19
NVD link : CVE-2024-35226
Mitre link : CVE-2024-35226
CVE.ORG link : CVE-2024-35226
JSON object : View
Products Affected
No product.
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')