CVE-2017-1000480: Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when call ...

Severity: Critical

CVSS Score: 9.8

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.