CVE-2015-7809

Published November 6th, 2015

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.

twigphp/Twig

Twig, the flexible, fast, and secure template language for PHP

GitHub

8.36K