OpenCart Multiple Security Vulnerabilities
BID:52957
Info
| Bugtraq ID: | 52957 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2012 12:00AM |
| Updated: | Apr 10 2012 12:00AM |
| Credit: | Janek Vind "waraxe" |
| Vulnerable: | OpenCart OpenCart 1.5.2.1 |
| Not Vulnerable: | |
Discussion
OpenCart is prone to the following security vulnerabilities:
1. A local file-include vulnerability
2. An arbitrary-file-upload vulnerability
3. A weak encryption vulnerability
4. An HTTP response-splitting vulnerability
An attacker can exploit these issues to upload arbitrary files onto the webserver, execute arbitrary local files within the context of the webserver, obtain sensitive information, execute remote code, obtain encryption keys, and influence or misrepresent how web content is served, cached, or interpreted.
OpenCart 1.5.2.1 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues with a browser.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- OpenCart Homepage (OpenCart)
- Multiple Vulnerabilities in OpenCart 1.5.2.1 ([email protected])
- [waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1 (Janek Vind "waraxe")