← Zuruck zu CVEs

CVE-2024-21518

HIGH

7.2

Beschreibung

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.

CVE Details

CVSS v3.1 Bewertung7.2

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht6/22/2024

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

opencart:opencart

Schwachen (CWE)

CWE-29CWE-22CWE-22CWE-290

Referenzen

https://github.com/opencart/opencart/blob/04c1724370ab02967d3b4f668c1b67771ecf1ff4/upload/admin/controller/marketplace/installer.php%23L383C1-L383C1(report@snyk.io)

https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578(report@snyk.io)

https://github.com/opencart/opencart/blob/04c1724370ab02967d3b4f668c1b67771ecf1ff4/upload/admin/controller/marketplace/installer.php%23L383C1-L383C1(af854a3a-2127-422b-91ae-364da2661108)

https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.