Описание
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| smarty3 | fixed | 3.1.33+20180830.1.3a78a21f+selfpack1-1 | package | |
| smarty3 | not-affected | jessie | package |
Примечания
https://github.com/smarty-php/smarty/issues/486
CVE is about the include tag as an attack vector.
vulnerable code introduced in realpath() rewrite (c09b05cbe) released in 3.1.28
Связанные уязвимости
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
Уязвимость обработчика шаблонов для PHP Smarty, связанная с недостатками обработки массива путей к доверенным каталогам $trusted_dir, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации