Nixpkgs security tracker

Permalink CVE-2011-1028

created 2 months ago Activity log

Created suggestion 2 months ago

The $smarty.template variable in Smarty3 allows attackers to possibly execute …

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

References

https://security-tracker.debian.org/tracker/CVE-2011-1028 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-1028 x_transferredx_refsource_MISC
https://seclists.org/oss-sec/2011/q1/313 x_transferredx_refsource_MISC

Affected products

smarty3

Matching in nixpkgs

pkgs.smarty3

Smarty 3 template engine

nixos-unstable 3.1.48
- nixpkgs-unstable 3.1.48
- nixos-unstable-small 3.1.48
nixos-25.11 3.1.48
- nixos-25.11-small 3.1.48
- nixpkgs-25.11-darwin 3.1.48

Package maintainers

@dasJ Janne Heß <janne@hess.ooo>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.smarty3

Package maintainers