cbcvebase.
CVE-2018-16831
published 2018-09-11

CVE-2018-16831: Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
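The bug class the description points at, as an added example that is neither Smarty's code nor the actual fix in 3.1.33-dev-4: a hand-rolled traversal filter that squashes `segment/../` pairs and then rejects names still starting with `../` lets `file:./../` through, because the leading `./` is not a real segment and is never paired with the `../` behind it; the joined path then resolves outside the trusted directory. The hardened variant normalizes first and checks containment with `commonpath`. `TRUSTED_DIR`, the template names and the function names are constructed for illustration.

```python
import posixpath
import re
from typing import Optional

# Constructed for illustration; not Smarty's configuration.
TRUSTED_DIR = "/srv/app/templates"


def strip_resource_prefix(name: str) -> str:
    """Drop a 'file:' resource-type prefix (template engines commonly accept one)."""
    return name[len("file:"):] if name.startswith("file:") else name


def squash_traversal(rel: str) -> str:
    """Hand-rolled '..' squashing of the kind behind this bug class (modelled,
    not Smarty's code): repeatedly delete 'segment/../' pairs, but only where
    'segment' is a real name, so a leading './' is never paired with the
    '../' that follows it and './../' survives untouched."""
    prev = None
    while prev != rel:
        prev = rel
        rel = re.sub(r"(^|/)(?!\.\.?/)[^/]+/\.\./", r"\1", rel)
    return rel


def naive_resolve(name: str, trusted_dir: str = TRUSTED_DIR) -> Optional[str]:
    """Flawed check: squash traversal, reject a name that still starts with
    '../', then join to the trusted directory by string concatenation.
    Returns the path it would open, or None if rejected."""
    rel = squash_traversal(strip_resource_prefix(name))
    if rel == ".." or rel.startswith("../"):
        return None
    # './../secrets/db.conf' reaches this point and the OS resolves the
    # result to /srv/app/secrets/db.conf, outside trusted_dir.
    return trusted_dir + "/" + rel


def hardened_resolve(name: str, trusted_dirs=(TRUSTED_DIR,)) -> Optional[str]:
    """Normalize '.' and '..' before the allowlist check, and test containment
    with commonpath instead of a string prefix, so '/srv/app/templates_x'
    does not pass for '/srv/app/templates'. An absolute name is handled too:
    posixpath.join discards the base, and commonpath then yields '/'."""
    rel = strip_resource_prefix(name)
    for trusted in trusted_dirs:
        trusted = posixpath.normpath(trusted)
        candidate = posixpath.normpath(posixpath.join(trusted, rel))
        if posixpath.commonpath([trusted, candidate]) == trusted:
            return candidate
    return None


if __name__ == "__main__":
    for tpl in ("file:header.tpl", "file:../secrets/db.conf",
                "file:a/../../secrets/db.conf", "file:./../secrets/db.conf",
                "file:/etc/passwd"):
        print(f"{tpl:30} naive={naive_resolve(tpl)!s:42} "
              f"hardened={hardened_resolve(tpl)}")
```

The lexical normalization above is the right first step but not the whole story on a real filesystem: a symlink inside the trusted directory can still point outside it, so a deployment should additionally resolve the candidate with `os.path.realpath` (or the platform equivalent) and repeat the containment check on the resolved path.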

Priority: P4 (30), medium
CVSS 3.0: 5.9
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.66% (83.8th percentile)

Affected (3 ranges)

Vendor | Product | Version range | Fixed in
debian | smarty3 | < 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bookworm) | 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bookworm)
smarty | smarty | >= 0, < 3.1.33 | 3.1.33
smarty | smarty | 3.0.0 – 3.1.32 |

CVSS provenance

Source | CVSS version | Score | Severity | Vector
nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 7.1 | HIGH | AV:N/AC:M/Au:N/C:C/I:N/A:N
osv | | 7.5 | HIGH |
vendor_ubuntu | | 7.5 | HIGH |
vendor_debian | | 5.9 | MEDIUM |