Summary:
Security issue caused by using older versions of Smarty
Detailed Description:
CMSMS use Smarty v3.1.31 and enable Smarty security mode. But there are several
sandbox bypass vulnerabilities in Smarty v3.1.31, this can cause users with
template modification capabilities to bypass the sandbox and attack. Developers
should upgrade Smarty to the latest version.
Back to List