CVE-2018-13982

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2018-09-18 14:29

Updated : 2021-11-02 07:01


NVD link : CVE-2018-13982

Mitre link : CVE-2018-13982


JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

smarty

  • smarty