Description

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-05-28T20:55:00.884Z

Last Modified :

2025-11-03T21:54:58.981Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-35226 vulnerability.

Vendors Products
Smarty-php
  • Smarty
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-35226.

URL Resource
https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a cve-icon cve-icon
https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/11/msg00013.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact