Smarty is another template engine developed in PHP. Let's look at the following line:

{php}echo 'id';{/php}

This inoffensive line could result in an RCE attack, but why? Because the line displays anything passed to the PHP interpreter. So, if we pass a PHP web shell as a parameter, it'll be interpreted by the template engine.