Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PHP Code Injection by malicious block or filename in Smarty
Vulnerability Description
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Smarty 代码注入漏洞
Vulnerability Description
Smarty是基于PHP的模板引擎,有助于将表示 (HTML/CSS) 与应用程序逻辑分离。 Smarty 3.1.45之前的3.1.x版本以及4.1.1之前的4.1.x版本存在代码注入漏洞,远程攻击者利用该漏洞可以发送专门编写的请求,并在目标系统上执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A