CVE-2018-13982

Name of the Vulnerable Software and Affected Versions Smarty versions prior to 3.1.33

Description The issue is related to a path traversal vulnerability due to insufficient template code sanitization in the Smarty Security::isTrustedResourceDir() method. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 3.1.33, update to version 3.1.33 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.