CVE-2018-11494
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].
La característica "program extension upload" en OpenCart hasta la versión 3.0.2.0 tiene un proceso en seis pasos (subir, instalar, descomprimir, mover, xml, eliminar) que permite que los atacantes ejecuten código arbitrario si se omite el paso de eliminar. Esto se debe a que el atacante puede descubrir un nombre de directorio temporal secreto (que contiene 10 dígitos aleatorios) mediante un ataque de salto de directorio relacionado con language_info['code'].
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-26 CVE Reserved
- 2018-05-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.bigdiao.cc/2018/05/24/Opencart-v3-0-2-0 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opencart Search vendor "Opencart" | Opencart Search vendor "Opencart" for product "Opencart" | <= 3.0.2.0 Search vendor "Opencart" for product "Opencart" and version " <= 3.0.2.0" | - |
Affected
| ||||||