The smarty_function_math function in libs/plugins/function.math.php in
Smarty 2.6.22 allows context-dependent attackers to execute arbitrary
commands via shell metacharacters in the equation attribute of the math
function. NOTE: some of these details are obtained from third party
mdeslaur> may be a PoC here: http://www.milw0rm.com/exploits/8659
mdeslaur> Debian says: TODO: check. It should be windows specific.
Updated: 2015-10-17 03:32:34 UTC (commit 10086)