Impact
Template authors could run arbitrary PHP code by crafting a malicious math string.
If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string.
Patches
Please upgrade to 4.0.2 or 3.1.42 or higher.
References
See documentation on Math function.
For more information
If you have any questions or comments about this advisory please open an issue in the Smarty repo
Impact
Template authors could run arbitrary PHP code by crafting a malicious math string.
If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string.
Patches
Please upgrade to 4.0.2 or 3.1.42 or higher.
References
See documentation on Math function.
For more information
If you have any questions or comments about this advisory please open an issue in the Smarty repo