| Название | OpenCart 4.1.0.3 Path Traversal |
|---|
| Описание | A Zip Slip vulnerability exists in the OpenCart extension installer for .ocmod.zip packages. During installation, ZIP entry names are used to build filesystem paths without properly rejecting traversal sequences such as ../ or validating that the resolved path remains داخل the intended extraction directory. An authenticated administrator who installs a crafted extension package can cause files to be written outside DIR_EXTENSION, resulting in arbitrary file write and possible remote code execution depending on the writable target path and server configuration |
|---|
| Источник | ⚠️ https://drive.google.com/file/d/1YemSW2Tn0LKzY3mPosMzElQeHs8P3LMt/view?usp=sharing |
|---|
| Пользователь | hai271120 (UID 96497) |
|---|
| Представление | 16.03.2026 13:18 (20 дни назад) |
|---|
| Модерация | 01.04.2026 15:50 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 354665 [OpenCart 4.1.0.3 Extension Installer Page installer.php обход каталога] |
|---|
| Баллы | 20 |
|---|