Smarty_Security::isTrustedResourceDir() in Smarty prior to 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smarty smarty |
||
debian debian linux 9.0 |