VYPR
Medium severity5.9NVD Advisory· Published Sep 11, 2018· Updated Jun 17, 2026

CVE-2018-16831

CVE-2018-16831

Description

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
smarty/smartyPackagist
< 3.1.333.1.33

Affected products

1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.