Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| smarty/smarty(Packagist) | 0 | 3.1.33 | N/A |
CVSS Metrics
