EPSS
Percentile
73.9%
smarty-php/smarty is vulnerable to PHP code injection attacks. The vulnerability exists as the template names are unsanitized when called from fetch() or display(), allowing PHP code injection attacks.
fetch()
display()
bugzilla.redhat.com/show_bug.cgi?id=1532493
bugzilla.redhat.com/show_bug.cgi?id=1532494
github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61