SUSE CVE-2018-13982

SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...

USN-5348-3: Smarty vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

[SECURITY] [DLA 2618-2] smarty3 regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2618-2 [email protected] https://www.debian.org/lts/security/ Abhijith PA April 16, 2021 https://wiki.debian.org/LTS -...

[SECURITY] [DLA 2618-1] smarty3 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2618-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA April 05, 2021 https://wiki.debian.org/LTS -...

Updated php-smarty packages fix security vulnerability

Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files CVE-2018-13982...

CVE-2018-13982

SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...

CVE-2018-13982

SmartySecurity::isTrustedResourceDir in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files...

CVE-2018-13982

Smarty path traversal vulnerability CVE-2018-13982 affects Smarty6’s template engine (Smarty) via isTrustedResourceDir() in versions prior to 3.1.33, allowing an attacker controlling template code to read arbitrary files due to insufficient sanitization. The issue is brought up across multiple ad...

Directory Traversal

smarty/smarty is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of file path that allows the external files to be references through trusteddir, causing a directory traversal attack. This issue is also referenced in CVE-2018-13982...

Trusted-Directory Bypass via Path Traversal

Smarty Trusted-Directory Bypass via Path Traversal\nVulnerability Overview\nSmarty 3.1.32 or below is prone to a path traversal vulnerability due\nto insufficient sanitization of code in Smarty templates. This allows\nattackers controlling the Smarty template to bypass the trusted\ndirectory...

Trusted-Directory Bypass via Path Traversal

Smarty Trusted-Directory Bypass via Path Traversal Vulnerability Overview Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...