PT-2018-10611 · Opencart · Opencart

Published

2018-05-26

Updated

2022-05-14

CVE-2018-11494

CVSS v3.1

8.0

High

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenCart versions through 3.0.2.0

Description The issue concerns the "program extension upload" feature, which has a six-step process. Attackers can execute arbitrary code if the remove step is skipped, allowing them to discover a secret temporary directory name via a directory traversal attack involving the language info['code'] variable.

Recommendations For OpenCart versions through 3.0.2.0, consider disabling the "program extension upload" feature until a patch is available to prevent the execution of arbitrary code. Restrict access to the directory traversal functionality to minimize the risk of exploitation. Avoid using the language info['code'] variable in sensitive operations until the issue is resolved.

Exploit

Fix

Path traversal

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-434

Related Identifiers

CVE-2018-11494

GHSA-WX3Q-F5F2-4Q8V

Affected Products

Opencart

PT-2018-10611 · Opencart · Opencart

CVE-2018-11494

Weakness Enumeration

Related Identifiers

Affected Products

References · 6