Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2
CVE-2023-2315
8.1 HIGH
Summary
OpenCart versions 4.0.0.0 to 4.0.2.2 are susceptible to a path traversal vulnerability that allows an authenticated user with access to the Log component to manipulate server files. The flaw can lead to arbitrary modification or deletion of files, compromising the integrity and security of the server environment. Update to the patched version to prevent exploitation.
Affected Version(s)
OpenCart 4.0.0.0 <= 4.0.2.2
References
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Poh Jia Hao (@Chocologicall) of STAR Labs SG Pte. Ltd. (@starlabs_sg)