CVE-2022-29221

HIGH

Smarty <3.1.45, <4.1.1 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-29221. PoCs published by sbani.

AI-analyzed exploit summary This PoC demonstrates CVE-2022-29221, a PHP code injection vulnerability in Smarty template engine via malicious {block} names. The exploit shows how arbitrary commands can be executed by embedding PHP code in template block names.

Description

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.

Exploits (1)

nomisec WORKING POC 16 stars

by sbani · poc

https://github.com/sbani/CVE-2022-29221-PoC

View Code ZIP pw:eip

This PoC demonstrates CVE-2022-29221, a PHP code injection vulnerability in Smarty template engine via malicious {block} names. The exploit shows how arbitrary commands can be executed by embedding PHP code in template block names.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Smarty template engine (versions before 3.1.45 and 4.1.1)

No auth needed

Prerequisites: Access to a Smarty template engine instance with vulnerable version · Ability to modify template files

MITRE ATT&CK