Vulnerabilities > Smarty

DATE | CVE | VULNERABILITY TITLE | RISK

2018-09-11 | CVE-2018-16831 | Path Traversal vulnerability in Smarty | 5.9
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
Attack vector: network; complexity: high; product: smarty; weakness: CWE-22

2018-01-03 | CVE-2017-1000480 | Code Injection vulnerability in Smarty | critical, 9.8
Smarty 3 before 3.1.32 is vulnerable to PHP code injection when calling the fetch() or display() functions on custom resources that do not sanitize the template name.
Attack vector: network; complexity: low; product: smarty; weakness: CWE-94