CVE 2010-4723
Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.
See the
CVE page on Mitre.org
for more details.