إرسال #780814: OpenCart 4.1.0.3 Path Traversalالمعلومات

عنوانOpenCart 4.1.0.3 Path Traversal
الوصفA Zip Slip vulnerability exists in the OpenCart extension installer for .ocmod.zip packages. During installation, ZIP entry names are used to build filesystem paths without properly rejecting traversal sequences such as ../ or validating that the resolved path remains داخل the intended extraction directory. An authenticated administrator who installs a crafted extension package can cause files to be written outside DIR_EXTENSION, resulting in arbitrary file write and possible remote code execution depending on the writable target path and server configuration
المصدر⚠️ https://drive.google.com/file/d/1YemSW2Tn0LKzY3mPosMzElQeHs8P3LMt/view?usp=sharing
المستخدم
 hai271120 (UID 96497)
ارسال16/03/2026 01:18 PM (4 أشهر منذ)
الاعتدال01/04/2026 03:50 PM (16 days later)
الحالةتمت الموافقة
إدخال VulDB354665 [OpenCart 4.1.0.3 Extension Installer Page installer.php اجتياز الدليل]
النقاط20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!