Page 2 of 6 results (0.004 seconds)
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11495
https://notcve.org/view.php?id=CVE-2018-11495
OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. OpenCart hasta la versión 3.0.2.0 permite el salto de directorio en la función editDownload en admin\model\catalog\download.php mediante admin/index.php? • http://www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •