CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
References
Link Resource
https://github.com/smarty-php/smarty/issues/486 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*

Information

Published : 2018-09-11 01:29

Updated : 2018-11-16 02:38


NVD link : CVE-2018-16831

Mitre link : CVE-2018-16831

Products Affected
No products.
CWE