漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PHP Code Injection by malicious attribute in extends-tag in Smarty
Vulnerability Description
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Smarty 安全漏洞
Vulnerability Description
Smarty是基于PHP的模板引擎,有助于将表示 (HTML/CSS) 与应用程序逻辑分离。 Smarty存在安全漏洞,该漏洞源于允许攻击者通过extends-tag选择恶意文件名来注入PHP代码。受影响的产品和版本:Smarty 3.x版本,4.5.3之前版本,5.2.0之前版本。
CVSS Information
N/A
Vulnerability Type
N/A