| Título | OpenCart 4.1.0.3 Path Traversal |
|---|
| Descripción | A Zip Slip vulnerability exists in the OpenCart extension installer for .ocmod.zip packages. During installation, ZIP entry names are used to build filesystem paths without properly rejecting traversal sequences such as ../ or validating that the resolved path remains داخل the intended extraction directory. An authenticated administrator who installs a crafted extension package can cause files to be written outside DIR_EXTENSION, resulting in arbitrary file write and possible remote code execution depending on the writable target path and server configuration |
|---|
| Fuente | ⚠️ https://drive.google.com/file/d/1YemSW2Tn0LKzY3mPosMzElQeHs8P3LMt/view?usp=sharing |
|---|
| Usuario | hai271120 (UID 96497) |
|---|
| Sumisión | 2026-03-16 13:18 (hace 21 días) |
|---|
| Moderación | 2026-04-01 15:50 (16 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 354665 [OpenCart 4.1.0.3 Extension Installer Page installer.php recorrido de directorios] |
|---|
| Puntos | 20 |
|---|