Improper Input Validation Affecting opencart/opencart package, versions <2.3.0.0
- Snyk ID SNYK-PHP-OPENCARTOPENCART-2935892
- published 26 Jul 2022
- disclosed 26 Jun 2022
- credit Janek Vind
Introduced: 26 Jun 2022
CVE-2013-1891
How to fix?
Upgrade opencart/opencart to version 2.3.0.0 or higher.
Overview
opencart/opencart is a shopping cart system.

Affected versions of this package are vulnerable to Improper Input Validation in the `directory()`, `files()`, `create()`, `delete()`, `move()`, `copy()`, `rename()`, and `upload()` functions in `filemanager.php`, which allows access to files outside of the intended `image/data/` directory. Attackers can supply a value including path traversal substrings (e.g. `..\` on Windows or `..././` on other operating systems) to any of the parameters `directory`, `name`, `path`, `from`, or `to` to gain access to unintended locations on the filesystem.
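The `..././` substring named in the overview is the kind of value that turns back into `../` after a single pass of removing `../`. The added example below (not OpenCart's code; the one-pass filter, the base path and the function names are assumptions made for illustration) runs that filter over constructed inputs and then applies a lexical containment check that rejects any value climbing above the base directory.

```php
<?php
// Added example, not OpenCart code. Function names and $base are hypothetical.

// Assumed weak filter: a single pass that deletes "../" from the input.
function strip_once(string $input): string
{
    return str_replace('../', '', $input);
}

// Lexically resolve $input under $base, treating "/" and "\" as separators.
// Returns the resolved path, or null when the input would leave $base.
function resolve_under_base(string $base, string $input): ?string
{
    if (strpos($input, "\0") !== false) {
        return null; // NUL bytes never belong in a file name
    }
    $parts = [];
    foreach (preg_split('#[\\\\/]+#', $input) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue; // empty and "current directory" segments change nothing
        }
        if ($segment === '..') {
            if (count($parts) === 0) {
                return null; // climbing above the base directory: reject
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    return rtrim($base, '/') . '/' . implode('/', $parts);
}

$base = '/var/www/image/data'; // constructed sample path
$samples = [                    // constructed sample inputs
    'products/shoes',
    'a/../b.png',
    '..././..././config.php',
    '..\\..\\config.php',
];
foreach ($samples as $raw) {
    $filtered = strip_once($raw);
    $resolved = resolve_under_base($base, $filtered);
    printf("%-24s filtered=%-20s result=%s\n", $raw, $filtered, $resolved ?? 'REJECTED');
}
```

The check is lexical only; where symlinks may exist under the base directory, also compare `realpath()` of the result against `realpath()` of the base.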