Description

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.

INFO

Published Date :

2024-06-22T05:00:03.429Z

Last Modified :

2024-08-01T22:20:40.981Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2024-21518 vulnerability.

Vendors Products
Opencart
  • Opencart
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-21518.

URL Resource
https://github.com/opencart/opencart/blob/04c1724370ab02967d3b4f668c1b67771ecf1ff4/upload/admin/controller/marketplace/installer.php%23L383C1-L383C1 cve-icon cve-icon
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact