{"vulnerability": "CVE-2021-29454", "sightings": [{"uuid": "59346827-4be8-4881-87cd-3ad5e8cf3c25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-29454", "type": "seen", "source": "https://t.me/cibsecurity/35204", "content": "\u203c CVE-2021-29454 \u203c\n\nSmarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-10T22:14:55.000000Z"}]}