| Bug | jessie | stretch | buster | bullseye | bookworm | sid | Description |
|---|
| CVE-2024-35226 | vulnerable | vulnerable | fixed | fixed | vulnerable | fixed | Smarty is a template engine for PHP, facilitating the separation of pr ... |
| CVE-2023-28447 | vulnerable | vulnerable | fixed | fixed | vulnerable (no DSA) | fixed | Smarty is a template engine for PHP. In affected versions smarty did n ... |
| CVE-2022-29221 | vulnerable | fixed | fixed | fixed | fixed | fixed | Smarty is a template engine for PHP, facilitating the separation of pr ... |
| CVE-2021-29454 | vulnerable | fixed | fixed | fixed | fixed | fixed | Smarty is a template engine for PHP, facilitating the separation of pr ... |
| CVE-2021-26120 | vulnerable | fixed | fixed | fixed | fixed | fixed | Smarty before 3.1.39 allows code injection via an unexpected function ... |
| CVE-2021-26119 | vulnerable | fixed | fixed | fixed | fixed | fixed | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ... |
| CVE-2021-21408 | vulnerable | fixed | fixed | fixed | fixed | fixed | Smarty is a template engine for PHP, facilitating the separation of pr ... |
| CVE-2018-25047 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ... |
| Bug | Description |
|---|
| TEMP-0000000-2C7EFD | incorrect handling of {$smarty.template} and {$smarty.current_dir} |
| CVE-2018-16831 | Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ... |
| CVE-2018-13982 | Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ... |
| CVE-2017-1000480 | Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when call ... |
| CVE-2014-8350 | Smarty before 3.1.21 allows remote attackers to bypass the secure mode ... |
| CVE-2012-4437 | Cross-site scripting (XSS) vulnerability in the SmartyException class ... |
| CVE-2012-4277 | Cross-site scripting (XSS) vulnerability in the smarty_function_html_o ... |
| CVE-2011-1028 | The $smarty.template variable in Smarty3 allows attackers to possibly ... |
| CVE-2010-4727 | Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> t ... |
| CVE-2010-4726 | Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC ... |
| CVE-2010-4725 | Smarty before 3.0.0 RC3 does not properly handle an on value of the as ... |
| CVE-2010-4724 | Multiple unspecified vulnerabilities in the parser implementation in S ... |
| CVE-2010-4723 | Smarty before 3.0.0, when security is enabled, does not prevent access ... |
| CVE-2010-4722 | Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 h ... |
| CVE-2009-5054 | Smarty before 3.0.0 beta 4 does not consider the umask value when sett ... |
| CVE-2009-5053 | Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ... |
| CVE-2009-5052 | Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 hav ... |