QwikSec

Security Database

CVE

CWE

Training

CVE-2018-13982

Published: Sep 18, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50

x_refsource_CONFIRM

https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8

x_refsource_CONFIRM

https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1

x_refsource_CONFIRM

https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe

x_refsource_CONFIRM

https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531

x_refsource_CONFIRM

https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal

x_refsource_MISC

[debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20211020 [SECURITY] [DLA 2618-3] smarty3 regression update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.