Arbitrary Code Execution in Smarty Template Engine (Versions < 3.1.43 and 4.0.3)

Arbitrary Code Execution in Smarty Template Engine (Versions < 3.1.43 and 4.0.3)

CVE-2021-21408 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.

Learn more about our User Device Pen Test.