Smarty Template Engine Vulnerability scope

Smarty (Smarty.net) is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. This implies that PHP code is application logic, and is separated from the presentation.

Smarty compiles copies of the templates as PHP scripts, granting the benefits of both template tag syntax and the speed of PHP. This approach keeps the templates easy to maintain, and yet keeps execution times extremely fast. Since the compiled versions are PHP, op-code accelerators such as APC or ZendCache continue to work on the compiled scripts.

We are currently looking for the following items in Smarty Template Engine:

  • Code/command execution
  • Authentication bypass
  • Command injection

Think you figured out how to run unauthenticated commands on Smarty Template Engine? We are looking for you! Found something not on this list? We still want to buy it!