Lucene search

GoogleOSV:GHSA-7Q3H-J95Q-3VJH

HistoryJun 22, 2024 - 6:30 a.m.

Arbitrary File Creation in opencart

2024-06-2206:30:37

Google

osv.dev

opencart

arbitrary file creation

database restoration

php code injection

admin privileges

backup file

security recommendations

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup.

Note:

It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.

References

github.com/opencart/opencart

github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353

github.com/opencart/opencart/blob/master/upload/admin/controller/tool/upload.php%23L353

nvd.nist.gov/vuln/detail/CVE-2024-21519

security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.8%

JSON

Related for OSV:GHSA-7Q3H-J95Q-3VJH