PT-2022-9201 · Smarty+2
Highwisskid
Published: 2022-01-10 · Updated: 2022-12-08
CVE-2021-21408
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Smarty versions prior to 3.1.43
Smarty versions prior to 4.0.3
Description
Smarty is a template engine for PHP that facilitates the separation of presentation from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static PHP methods.
Recommendations
For versions prior to 3.1.43, update to version 3.1.43 to receive the patch.
For versions prior to 4.0.3, update to version 4.0.3 to receive the patch.
Exploit
Fix
RCE
Affected Products
Linuxmint
Smarty
Ubuntu