OpenCart Path Traversal
High severity
GitHub Reviewed

Published by the National Vulnerability Database: May 26, 2018
Published to the GitHub Advisory Database: May 14, 2022
Reviewed: Apr 23, 2024
Last updated: Apr 23, 2024

Description
The "program extension upload" feature in OpenCart through 3.0.2.0 is a six-step process (upload, install, unzip, move, xml, remove). If the remove step is skipped, an attacker can execute arbitrary code, because the name of the secret temporary directory (10 random digits) can be discovered through a directory traversal attack involving language_info['code'].
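The traversal described above hinges on a language code reaching the filesystem unvalidated. The following PHP is an added example, not OpenCart's own code: it accepts only locale-shaped codes and confines the resolved path to the language directory, so a code containing traversal sequences never reaches realpath(). The function name, $languageDir and the constructed sample inputs are assumptions.

```php
<?php
// Added example (not OpenCart code): validate a language code before using it
// as a filesystem path component, then confine the resolved path to the
// language root. $languageDir and the sample inputs below are assumptions.

function safeLanguagePath(string $languageDir, string $code): ?string
{
    // Accept only the shape of a locale code such as "en-gb" or "de". This
    // rejects "../", absolute paths, NUL bytes and anything else a traversal
    // would need before the value touches the filesystem.
    if (!preg_match('/^[a-z]{2,3}(-[a-z]{2,3})?$/', $code)) {
        return null;
    }

    $base = realpath($languageDir);
    if ($base === false) {
        return null;
    }

    // realpath() returns false for a code that passed the regex but has no
    // matching language directory, so a missing directory is also rejected.
    $resolved = realpath($base . DIRECTORY_SEPARATOR . $code);
    if ($resolved === false) {
        return null;
    }

    // Defence in depth: the canonical path must stay under the language root.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return $resolved;
}

// Self-check with constructed inputs: a valid code resolves, traversal and
// NUL-byte attempts are rejected before any filesystem call is made.
function selfCheck(): bool
{
    $languageDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang-demo';
    @mkdir($languageDir . DIRECTORY_SEPARATOR . 'en-gb', 0700, true);

    return safeLanguagePath($languageDir, 'en-gb') !== null
        && safeLanguagePath($languageDir, '../../storage') === null
        && safeLanguagePath($languageDir, "en-gb\0") === null;
}

var_dump(selfCheck());
```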
References