Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.
Go to Source of this post
Author Of this post:

By admin