GHSA-6frx-2r5w-c524

Suggest an improvement
Source
https://github.com/advisories/GHSA-6frx-2r5w-c524
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-6frx-2r5w-c524/GHSA-6frx-2r5w-c524.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-6frx-2r5w-c524
Aliases
Published
2022-04-22T00:24:15Z
Modified
2024-01-12T22:56:40.426363Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Smarty3 Arbitrary PHP Code Execution
Details

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

Database specific
{
    "nvd_published_at": "2019-11-20T15:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T22:38:45Z"
}
References

Affected packages

Packagist / smarty/smarty

Package

Name
smarty/smarty
Purl
pkg:composer/smarty/smarty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.7

Affected versions

v2.*

v2.6.24
v2.6.25
v2.6.26
v2.6.27
v2.6.28
v2.6.29
v2.6.30
v2.6.31
v2.6.33