Smarty: Template vulnerability
http://smarty.php.net
March 21, 2005

http://www.gentoo.org/security/en/glsa/glsa-200503-35.xml
Synopsis
========

Smarty's "Template security" feature can be bypassed, potentially
allowing a remote attacker to execute arbitrary PHP code.

Background
==========

Smarty is a template engine for PHP. The "template security" feature of
Smarty is designed to help reduce the risk of a system compromise when
you have untrusted parties editing templates.

Affected packages
=================

dev-php/smarty < 2.6.8

Description
===========

A vulnerability has been discovered within the regex_replace modifier
of the Smarty templates when allowing access to untrusted users.

Impact
======

This issue may allow a remote attacker to bypass the "template
security" feature of Smarty, and execute arbitrary PHP code.

Workaround
==========

Do not grant template access to untrusted users.

Resolution
==========

All Smarty users should upgrade to the latest version:


References
==========

Smarty ChangeLog
http://smarty.php.net/misc/NEWS