CVE-2021-46433

Published March 28th, 2022

View on NVD ↗

CVSS v3

CRITICAL

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.

fenom-template/fenom

Template Engine for PHP.

GitHub

443