2 matches found
USN-5348-3: Smarty vulnerabilities
USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...
CVE-2018-16831
CVE-2018-16831 concerns the Smarty PHP templating engine. The vulnerability arises in Smarty before 3.1.33-dev-4, where an attacker can bypass the trusted_dir protection mechanism by injecting a file:./../ substring into an include statement, enabling potential unintended access to files. The iss...