matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. The issue was fixed in version 3.0.6.
github.com/advisories/GHSA-mh9j-v6mq-pfch
github.com/FriendsOfPHP/security-advisories/blob/master/matyhtf/framework/CVE-2021-43676.yaml
github.com/matyhtf/framework
github.com/matyhtf/framework/commit/25084603b7ea771eebe263d39744fe6abf1f8d61
github.com/matyhtf/framework/issues/206
nvd.nist.gov/vuln/detail/CVE-2021-43676