Smarty.

Publicated on : 1206618195
Since I'm not interested in global news, or a ton of new dead bodies, nor the weather forecast. I usually browse my feeds and vulnerability databases in my lunch time. And today I saw that Smarty, -yes the template engine- is vulnerable. I never use it. Not because it's insecure, but because of it's sheer size and useless adaptation of template rendering. Which was kinda cool back in 2001, but these days I don't know why any sane developer should use smarty, it goes beyond my logic I think.



Smarty Template Engine 'regex_replace' Template Security Bypass Vulnerability.