Smarty · Smarty · CVE-2022-29221
**Name of the Vulnerable Software and Affected Versions**
Smarty versions prior to 3.1.45
Smarty versions 4.0.0 through 4.1.0
**Description**
The issue is caused by improper control of code generation in the Smarty PHP template engine, which allows a remote attacker to execute arbitrary PHP code. Template authors could inject PHP code by choosing a malicious `{block}` name or `{include}` file name. This affects sites that cannot fully trust template authors.
**Recommendations**
For versions prior to 3.1.45, upgrade to version 3.1.45 to receive a patch for this issue.
For versions 4.0.0 through 4.1.0, upgrade to version 4.1.1 to receive a patch for this issue.
As a temporary workaround, consider restricting the ability of template authors to choose `{block}` names or `{include}` file names until a patch is applied.
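To find installations that still need the upgrades listed above, the affected ranges can be checked against a project's `composer.lock`. The following is an added example, not code from this advisory or from the Smarty project. It assumes Smarty is installed through Composer under the package name `smarty/smarty`, and it ignores pre-release suffixes when comparing versions.

```python
import json
import re

# Affected ranges and fixed releases as stated in the advisory above.
FIXED_3X = (3, 1, 45)                      # anything below this is affected
AFFECTED_4X = ((4, 0, 0), (4, 1, 0))       # inclusive range
FIXED_4X = "4.1.1"

def parse_version(raw):
    """Return (major, minor, patch), or None for refs such as dev-master."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def assess(raw):
    """Classify one Smarty version string as (status, upgrade_target)."""
    v = parse_version(raw)
    if v is None:
        return ("unknown", None)           # cannot compare; review by hand
    if v < FIXED_3X:
        return ("affected", "3.1.45")
    if AFFECTED_4X[0] <= v <= AFFECTED_4X[1]:
        return ("affected", FIXED_4X)
    return ("not affected", None)

def audit_lock(lock_text, package="smarty/smarty"):
    """Assess every occurrence of the package in composer.lock content."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() == package:
                version = pkg.get("version", "")
                findings.append((section, version, *assess(version)))
    return findings

# Constructed sample lock file content, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "monolog/monolog", "version": "2.5.0"},
        {"name": "smarty/smarty", "version": "v4.1.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, version, status, target in audit_lock(SAMPLE_LOCK):
        hint = f", upgrade to {target}" if target else ""
        print(f"{section}: smarty/smarty {version} -> {status}{hint}")
```

A result of `unknown` means the lock file pins a branch or commit rather than a tagged release, so the installed code has to be checked manually.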