The smarty_function_math function in libs/plugins/function.math.php in
Smarty 2.6.22 allows context-dependent attackers to execute arbitrary
commands via shell metacharacters in the equation attribute of the math
function. NOTE: some of these details are obtained from third party
mdeslaur> may be a PoC here: http://www.milw0rm.com/exploits/8659
mdeslaur> Debian says: TODO: check. It should be windows specific.
Updated: 2015-07-29 20:35:48 UTC (commit 9756)