Description

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.

INFO

Published Date :

2024-06-22T05:00:04.894Z

Last Modified :

2024-08-01T22:20:40.947Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2024-21519 vulnerability.

Vendors Products
Opencart
  • Opencart
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-21519.

URL Resource
https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353 cve-icon cve-icon cve-icon
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact