Uwe Tews

**Name of the Vulnerable Software and Affected Versions** Smarty version 2.6.20 **Description** The issue allows remote attackers to execute arbitrary PHP code via vectors related to templates, including the use of a dollar-sign character and a double quoted literal string. This affects slightly different SVN revisions. **Recommendations** For Smarty version 2.6.20, update to a version after r2797 to resolve the issue. As a temporary workaround, consider restricting the use of dollar-sign characters and double quoted literal strings in templates until a patch is available.