Simon Wisselink

3 exploits, active since Jan 2022
CVE-2021-21408 HIGH WRITEUP
Smarty < 3.1.43 - Improper Input Validation
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static PHP methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
CVSS 8.8
CVE-2021-29454 HIGH WRITEUP
Smarty < 3.1.42 - Injection
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user-provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
CVSS 8.1
CVE-2024-35226 HIGH WRITEUP
Smarty < 5.1.1 - Code Injection
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions, template authors could inject PHP code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update as soon as possible. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.
CVSS 7.3