Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


SBA Security Advisory – Smarty – Trusted-Directory Bypass via Path Traversal (CVE-2018-13982)

Vulnerability Overview

Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security restriction and read arbitrary files.

  • Type of Vulnerability: Path Traversal
  • Fixed in Version: 3.1.33
  • CVSSv3 Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVSSv3 Base Score: 8.6 (High)

Recommended Countermeasure

We recommend to update Smarty to version 3.1.33 or later. For further details, see the full security advisory.


Full Security Advisory