CVE-2018-13982

Risk Scores

Affected Products

Exploit Intelligence

• https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal (nist-nvd)
• https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50 (circl)
• https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8 (circl)
• https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1 (circl)
• https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe (circl)
• https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531 (circl)
• [debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update (circl)
• [debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update (circl)
• [debian-lts-announce] 20211020 [SECURITY] [DLA 2618-3] smarty3 regression update (circl)

Timeline

• Sep 18, 2018 CVE Published
• Dec 7, 2018 CVE Updated
• Apr 14, 2021 EPSS Score
• Jun 23, 2021 EPSS Score
• Aug 24, 2021 EPSS Score
• Dec 27, 2021 EPSS Score
• Feb 4, 2022 EPSS Score
• Feb 28, 2022 EPSS Score
• May 2, 2022 EPSS Score
• Sep 5, 2022 EPSS Score
• Nov 6, 2022 EPSS Score
• Jan 8, 2023 EPSS Score

References

• https://ubuntu.com/security/CVE-2018-13982 third-party-advisory
• https://www.openwall.com/lists/oss-security/2018/09/17/4 third-party-advisory
• https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal third-party-advisory
• https://ubuntu.com/security/notices/USN-5348-1 vendor-advisory
• https://www.cve.org/CVERecord?id=CVE-2018-13982 third-party-advisory