GitHub Advisory DatabaseGHSA-7Q3H-J95Q-3VJHArbitrary File Creation in opencart
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
17.7%
This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.
Note:
It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.
Affected configurations
References
github.com/advisories/GHSA-7q3h-j95q-3vjh
github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353
github.com/opencart/opencart/blob/master/upload/admin/controller/tool/upload.php%23L353
nvd.nist.gov/vuln/detail/CVE-2024-21519
security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
17.7%