CVE-2018-16831 — Path Traversal in Smarty

CWE-22 — Path Traversal14 documents6 sources

Severity

5.9MEDIUMNVD

OSV7.5

EPSS

0.4%

top 41.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Smarty Debian Smarty3

Timeline

PublishedSep 11

Latest updateJun 21

Description

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

▶Packagistsmarty/smarty< 3.1.33

▶debiandebian/smarty3< smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1 (bookworm)

▶NVDsmarty/smarty3.0.0 — 3.1.32

🔴Vulnerability Details

OSV

smarty3 vulnerabilities↗2022-06-21

▶

OSV

Smarty Path Traversal Vulnerability↗2022-05-14

▶

GHSA

Smarty Path Traversal Vulnerability↗2022-05-14

▶

OSV

smarty3 vulnerabilities↗2022-03-28

▶

OSV

smarty3 vulnerabilities↗2022-03-28

▶

📋Vendor Advisories

Ubuntu

Smarty vulnerabilities↗2022-06-21

▶

Ubuntu

Smarty vulnerabilities↗2022-03-28

▶

Ubuntu

Smarty vulnerabilities↗2022-03-28

▶

Debian

CVE-2018-16831: smarty3 - Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection...↗2018

▶

💬Community

Bugzilla

CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass↗2018-09-13

▶

Bugzilla

CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [epel-all]↗2018-09-13

▶

Bugzilla

CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [fedora-all]↗2018-09-13

▶