Base Score

MEDIUM5.9

CVE-2018-16831

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

VectorNETWORK

Published Bycve@mitre.org

Published DateSep 11, 2018, 13:29

Affected Versions(1)

smarty/smarty(Packagist)

Introduced0

Fixed3.1.33

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
smarty/smarty(Packagist)	0	3.1.33	N/A

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

https://github.com/smarty-php/smarty/issues/486

Base Score

MEDIUM5.9

Weakness Type (CWE):CWE-22

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE