File Manager Vulnerability in OpenCart by OpenCart
CVE-2013-1891

6.5MEDIUM

Key Information:

Vendor: Opencart
Status: Opencart
Vendor: CVE Published:; 24 June 2022

What is CVE-2013-1891?

In OpenCart versions ranging from 1.4.7 to 1.5.5.1, a flaw exists in the anti-traversal security measures implemented within filemanager.php. This vulnerability allows attackers to bypass established restrictions, potentially exposing sensitive files on the server. Attackers can manipulate file paths to gain unauthorized access, thus threatening the integrity of the application and the confidentiality of stored data.

Affected Version(s)

opencart opencart 1.4.7 to 1.5.5.1

References

http://www.waraxe.us/advisory-98.html

x_refsource_MISC

https://seclists.org/fulldisclosure/2013/Mar/176

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2013/03/24/1

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2022
Vulnerability Reserved
Feb 19, 2013

Opencart

What is CVE-2013-1891?

Affected Version(s)

References

CVSS V3.1

Timeline