| عنوان | OpenCart 4.1.0.3 Path Traversal |
|---|
| الوصف | A Zip Slip vulnerability exists in the OpenCart extension installer for .ocmod.zip packages. During installation, ZIP entry names are used to build filesystem paths without properly rejecting traversal sequences such as ../ or validating that the resolved path remains داخل the intended extraction directory. An authenticated administrator who installs a crafted extension package can cause files to be written outside DIR_EXTENSION, resulting in arbitrary file write and possible remote code execution depending on the writable target path and server configuration |
|---|
| المصدر | ⚠️ https://drive.google.com/file/d/1YemSW2Tn0LKzY3mPosMzElQeHs8P3LMt/view?usp=sharing |
|---|
| المستخدم | hai271120 (UID 96497) |
|---|
| ارسال | 16/03/2026 01:18 PM (4 أشهر منذ) |
|---|
| الاعتدال | 01/04/2026 03:50 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 354665 [OpenCart 4.1.0.3 Extension Installer Page installer.php اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|