VDB

GCVE-110-MAGEIA-2021-335

GCVE-110-MAGEIA-2021-335
Advisory Published
Vulnetix · Advisory published July 10, 2021
Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode (CVE-2021-26119). Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring (CVE-2021-26120).

Affected Products

VendorProductVersionsPlatforms
Mageiaphp-smarty0 (affected), 3.1.39-1.mga8 (unaffected)
Mageiaphp-smarty0 (affected), 3.1.39-1.mga7 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›