Smarty Template Engine 2.6.9 - '$smarty.template' PHP Code Injection
| EKU-ID: 39974 | CVE: | OSVDB-ID: |
| Author: jonieske | Published: 2011-02-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 39974 | CVE: | OSVDB-ID: |
| Author: jonieske | Published: 2011-02-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/46366/info Smarty Template Engine is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions prior to Smarty Template Engine 3.0.7 are vulnerable. $smarty.template : '.(include 'hack.php').'.tpl