CVE-2021-26120: Smarty before 3.1.39 allows code injection via an unexpected function ...

Severity: Critical

CVSS Score: 9.8

Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.