GHSA-65J5-VPM7-6XP4 Smarty Path Traversal Vulnerability

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

Directory Traversal

smarty/smarty is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of file path that allows the external files to be references through trusteddir, causing a directory traversal attack. This issue is also referenced in CVE-2018-13982...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

Design/Logic Flaw

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusteddir protection mechanism via a file:./../ substring in an include statement...