CVE-2006-7105

Name of the Vulnerable Software and Affected Versions Smarty version 2.6.9

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter in the libs/Smarty.class.php file. This is a PHP remote file inclusion issue. Note that the original disclosure uses filename in a function definition, which might make this report incorrect.

Recommendations For Smarty version 2.6.9, consider disabling the use of the filename parameter in the affected API endpoint until a patch is available. Restrict access to the libs/Smarty.class.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.