Unrestricted Access to Dynamic and Private Object Members in Smarty

Unrestricted Access to Dynamic and Private Object Members in Smarty

CVE-2010-4723 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.

Learn more about our Web Application Penetration Testing UK.