Access to restricted PHP code by dynamic static class access in smarty

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

输入验证不恰当

Smarty 输入验证错误漏洞

Smarty是Smarty 是 PHP 的模板引擎，有助于将表示 (HTML/CSS) 与应用程序逻辑分离。 Smarty存在安全漏洞，该漏洞源于Smarty是PHP的一个模板引擎，它促进了表示(HTML CSS)与应用逻辑的分离。在3.1.43和4.0.3版本之前，模板作者可以运行受限的静态php方法。用户应该升级到3.1.43或4.0.3版本来接收补丁。

N/A

N/A