- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 35343
- Проверка EDB
-
- Пройдено
- Автор
- JONIESKE
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2011-02-09
Код:
source: https://www.securityfocus.com/bid/46366/info
Smarty Template Engine is prone to a remote PHP code-injection vulnerability.
An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
Versions prior to Smarty Template Engine 3.0.7 are vulnerable.
$smarty.template : '.(include 'hack.php').'.tpl- Источник
- www.exploit-db.com
