Download
| Alert*
oval:org.secpod.oval:def:116084
Smarty is a template engine for PHP, facilitating the separation of presentation from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php oval:org.secpod.oval:def:53234 It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. oval:org.secpod.oval:def:116090 Smarty is a template engine for PHP, facilitating the separation of presentation from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php oval:org.secpod.oval:def:603256 FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch. For reference, the relevant part of the original advisory text follows. It was discovered that Smarty, a PHP template engine, was vulnerable to ... oval:org.secpod.oval:def:603245 It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty. |