Impact
Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap.
Patches
Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3.
TrixterTheTux Reporter
Impact
Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap.
Patches
Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for v3.