2018-01-03 18:00:00
mitre
PUBLISHED
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.