SnykVULNRICHMENT:CVE-2024-21518CVE-2024-21518
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An attacker can create arbitrary files in the web root of the application and overwrite other existing files by exploiting this vulnerability.
CNA Affected
[
{
"vendor": "n/a",
"product": "opencart/opencart",
"versions": [
{
"status": "affected",
"version": "4.0.0.0",
"lessThan": "*",
"versionType": "semver"
}
]
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:opencart:opencart:*:*:*:*:*:*:*:*"
],
"vendor": "opencart",
"product": "opencart",
"versions": [
{
"status": "affected",
"version": "4.0.0.0",
"lessThan": "*",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total