Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.Referenceshttp://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
