Vulnerabilities

CVE-2018-13982

by Fred · 18/09/2018

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

Date published : 2018-09-18

https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50

https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe

Similar

Tags: Cybersecurity Alert