PHP Code Injection Vulnerability in Smarty 3 before 3.1.32

PHP Code Injection Vulnerability in Smarty 3 before 3.1.32

CVE-2017-1000480 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.

Learn more about our Web Application Penetration Testing UK.