Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
{ "nvd_published_at": "2018-09-18T21:29:00Z", "cwe_ids": [ "CWE-22" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-07-19T23:14:57Z" }