CVE-2024-21519

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including the extension), within /system/storage/backup. **Note:** It is less likely for the created file to be available within the web root, as part of the security recommendations for the application suggest moving the storage path outside of the web root.

Esto afecta a las versiones del paquete opencart/opencart desde 4.0.0.0. Se identificó un problema de creación arbitraria de archivos mediante la funcionalidad de restauración de la base de datos. Al inyectar código PHP en la base de datos, un atacante con privilegios de administrador puede crear un archivo de copia de seguridad con un nombre de archivo arbitrario (incluida la extensión), dentro de /system/storage/backup. **Nota:** Es menos probable que el archivo creado esté disponible en la raíz web, ya que parte de las recomendaciones de seguridad para la aplicación sugieren mover la ruta de almacenamiento fuera de la raíz web.

*Credits: Calum Hutton

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-12-22 CVE Reserved
2024-06-22 CVE Published
2024-06-25 EPSS Updated
2024-08-01 CVE Updated
2024-08-01 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (2)

URL	Tag	Source
https://github.com/opencart/opencart/blob/4.0.2.3/upload/admin/controller/tool/upload.php%23L353

URL	Date	SRC
https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579	2024-08-01

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opencart Search vendor "Opencart"		Opencart Search vendor "Opencart" for product "Opencart"				>= 4.0.0.0 Search vendor "Opencart" for product "Opencart" and version " >= 4.0.0.0"		-		Affected