Bypassing trusted_dir Protection Mechanism in Smarty

Bypassing trusted_dir Protection Mechanism in Smarty

CVE-2018-16831 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:N/A:N

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

Learn more about our Web Application Penetration Testing UK.