Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 31 results


CVE-2024-35226

Medium priority
Needs evaluation

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag....

2 affected packages

smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation Not in release Not in release
Show less packages

CVE-2023-28447

High priority

Some fixes available 3 of 27

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser...

4 affected packages

civicrm, postfixadmin, smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
civicrm Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
postfixadmin Vulnerable Fixed Fixed Fixed Not affected
smarty3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation Not in release Not in release Not in release Ignored
Show less packages

CVE-2018-25047

Medium priority
Needs evaluation

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of...

2 affected packages

smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation Not in release Not in release Not in release Ignored
Show less packages

CVE-2022-29221

Medium priority

Some fixes available 9 of 32

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or...

6 affected packages

collabtive, galette, gosa, postfixadmin, smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
collabtive Needs evaluation
galette Needs evaluation
gosa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
postfixadmin Not affected Fixed Fixed Fixed Not affected
smarty3 Fixed Fixed Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation
Show less packages

CVE-2021-29454

High priority

Some fixes available 10 of 11

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math...

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-21408

Medium priority

Some fixes available 10 of 11

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade...

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-26120

Medium priority

Some fixes available 3 of 5

Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-26119

Medium priority

Some fixes available 3 of 5

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2011-1028

Medium priority
Ignored

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

3 affected packages

gallery2, moodle, smarty

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gallery2 Not in release
moodle Not affected
smarty Not in release
Show less packages

CVE-2018-13982

Medium priority

Some fixes available 1 of 2

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the...

1 affected packages

smarty3

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
smarty3 Not affected Not affected Fixed Not affected
Show less packages