THREATINT


PUBLISHED

CVE-2024-21518

Assigner: snyk
Reserved: 2023-12-22
Published: 2024-06-22
Updated: 2024-06-22

Description

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.



HIGH: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P)

Problem types

Arbitrary File Write via Archive Extraction (Zip Slip)

Credits

Calum Hutton

References

https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578

https://github.com/opencart/opencart/blob/04c1724370ab02967d3b4f668c1b67771ecf1ff4/upload/admin/controller/marketplace/installer.php%23L383C1-L383C1

cve.org CVE-2024-21518

nvd.nist.gov CVE-2024-21518
