CVE-2018-11495

Name of the Vulnerable Software and Affected Versions OpenCart versions 3.0.2.0 and earlier

Description The issue allows directory traversal in the editDownload function within adminmodelcatalogdownload.php via the admin/index.php?route=catalog/download/edit endpoint, related to the download id variable. This enables an attacker to download sensitive files, such as ../../config.php.

Recommendations For OpenCart versions 3.0.2.0 and earlier, as a temporary workaround, consider restricting access to the admin/index.php?route=catalog/download/edit endpoint until a patch is available. Additionally, restrict the use of the download id variable in the editDownload function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.