Количество 2
Количество 2
CVE-2018-11494
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code'].
GHSA-wx3q-f5f2-4q8v
OpenCart Path Traversal
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-11494 The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | CVSS3: 8 | 1% Низкий | больше 7 лет назад |
| GHSA-wx3q-f5f2-4q8v OpenCart Path Traversal | CVSS3: 8 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу