Browse all 5 CVE security advisories affecting smarty-php. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Smarty-php serves as a PHP templating engine enabling separation of application logic from presentation, widely used in web development for generating dynamic content. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and insecure default configurations. The five recorded CVEs highlight risks including template injection flaws that allow attackers to execute arbitrary code and bypass security controls. While no major public incidents have been widely documented, the persistent vulnerability patterns underscore the need for strict input sanitization and updated implementations when using this templating solution in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-35226 | PHP Code Injection by malicious attribute in extends-tag in Smarty — smartyCWE-94 | 7.3 | High | 2024-05-28 |
| CVE-2023-28447 | Cross site scripting vulnerability in Javascript escaping in smarty/smarty — smartyCWE-79 | 7.1 | High | 2023-03-28 |
| CVE-2022-29221 | PHP Code Injection by malicious block or filename in Smarty — smartyCWE-94 | 8.8 | High | 2022-05-24 |
| CVE-2021-21408 | Access to restricted PHP code by dynamic static class access in smarty — smartyCWE-20 | 8.8 | High | 2022-01-10 |
| CVE-2021-29454 | Sandbox Escape by math function in smarty — smartyCWE-74 | 8.1 | High | 2022-01-10 |
This page lists every published CVE security advisory associated with smarty-php. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.