CVE-2018-13982 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Affected Products (NVD)

Vendor	Product	Version
smarty	smarty	𝑥 < 3.1.33
debian	debian_linux	9.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

smarty3

bookworm	3.1.47-2 fixed
bullseye	3.1.39-2+deb11u1 fixed
bullseye (security)	3.1.39-2+deb11u1 fixed
jessie	not-affected
sid	3.1.48-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

smarty3

bionic	Fixed 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 released
cosmic	ignored
disco	not-affected
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
trusty	dne
xenial	not-affected

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal

https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50

https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe

https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531

https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1

https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8

https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html

https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html

https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html

https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal

https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50

https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe

https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531

https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1

https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8

https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html

https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html

https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html