Lucene search
Veracode Vulnerability DatabaseVERACODE:29453HistoryFeb 22, 2021 - 7:04 a.m.
Remote Code Execution (RCE)
2021-02-2207:04:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
smarty
remote code execution
vulnerable library
arbitrary commands
illegal function names
EPSS
0.011
Percentile
84.8%
Smarty is vulnerable to remote code execution. The library does not properly handle the illegal function names in {function name='blah'}{/function}, allowing a malicious user to inject and execute arbitrary commands.
References
github.com/advisories/GHSA-3rpf-5rqv-689q
github.com/smarty-php/smarty/blob/master/CHANGELOG.md
github.com/smarty-php/smarty/commit/4f634c0097ab4a8b2adc2a97caacd1676e88f9c8
lists.debian.org/debian-lts-announce/2021/04/msg00004.html
lists.debian.org/debian-lts-announce/2021/04/msg00014.html
security.gentoo.org/glsa/202105-06
srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html
www.debian.org/security/2022/dsa-5151
Related
ubuntucve
ubuntucve
CVE-2021-26120
2021-02-22 00:00:00
osv
osv
CVE-2021-26120
2021-02-22 02:15:14
PHP Code Injection by malicious function name in smarty
2021-02-26 19:53:24
smarty3 - security update
2021-04-05 00:00:00
cvelist
cvelist
CVE-2021-26120
2021-02-22 01:38:15
prion
prion
Code injection
2021-02-22 02:15:00
friendsofphp
friendsofphp
Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection
2021-01-24 22:44:07
debiancve
debiancve
CVE-2021-26120
2021-02-22 02:15:14
cve
cve
CVE-2021-26120
2021-02-22 02:15:14
nvd
nvd
CVE-2021-26120
2021-02-22 02:15:14
github
github
PHP Code Injection by malicious function name in smarty
2021-02-26 19:53:24
freebsd
freebsd
Bacula-Web -- Multiple Vulnerabilities
2021-07-11 00:00:00
mageia
mageia
Updated php-smarty package fixes security vulnerabilities
2021-07-10 23:00:34
Updated php-smarty packages fix security vulnerability
2022-04-03 01:22:09
gentoo
gentoo
Smarty: Multiple vulnerabilities
2021-05-26 00:00:00
nessus
nessus
FreeBSD : Bacula-Web -- Multiple Vulnerabilities (f05dbd1f-2599-11ec-91be-001b217b3468)
2021-10-06 00:00:00
GLSA-202105-06 : Smarty: Multiple vulnerabilities
2021-05-27 00:00:00
Ubuntu 20.04 ESM : Smarty vulnerabilities (USN-5348-3)
2023-10-20 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0335)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-2618-1)
2021-04-06 00:00:00
Fedora: Security Advisory for php-Smarty (FEDORA-2022-52154efd61)
2022-10-24 00:00:00
srcincite
srcincite
debian
debian
[SECURITY] [DLA 2618-2] smarty3 regression update
2021-04-16 07:54:10
[SECURITY] [DLA 2618-1] smarty3 security update
2021-04-05 06:25:41
[SECURITY] [DSA 5151-1] smarty3 security update
2022-05-29 14:57:57
fedora
fedora
[SECURITY] Fedora 37 Update: php-Smarty-3.1.47-1.fc37
2022-11-10 22:46:12
[SECURITY] Fedora 36 Update: php-Smarty-3.1.47-1.fc36
2022-10-23 09:04:31
ubuntu
ubuntu
Smarty vulnerabilities
2022-06-21 00:00:00
Smarty vulnerabilities
2022-03-28 00:00:00
Smarty vulnerabilities
2022-03-28 00:00:00